Exam PT0-002
Question 42

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?

Correct Answer: C

The best course of action for a penetration tester upon discovering an unknown IP range associated with an always-on VPN tunnel to a third-party supplier is to stop the assessment and inform the emergency contact. This is because the IP range is likely out of scope, and any unauthorized access or manipulation of a third-party network can lead to severe legal and financial consequences. Maintaining ethical standards and adhering to the scope of the engagement are paramount in penetration testing.

Discussion
RRabbit (Option: C)

C. Stop the assessment and inform the emergency contact. The best action for the penetration tester to take after discovering the unknown IP range on the network device would be to stop the assessment and inform the emergency contact. The IP range belongs to a third-party supplier, which is likely out of scope for the assessment, and any unauthorized access or manipulation of their systems could have severe legal and financial implications. It would be inappropriate to utilize the tunnel as a means of pivoting to other internal devices, as it would be unauthorized access. Disregarding the IP range would be a violation of professional conduct, as well as a potential violation of laws. Scanning the IP range for additional systems to exploit would be unauthorized access and could lead to severe legal and financial consequences. It is important for penetration testers to follow strict guidelines and procedures when conducting assessments, and to always err on the side of caution when it comes to accessing systems that are out of scope.

sidonpc (Option: B)

I could see B, C here. I don't think it would be D because this is a third-party network that has not approved our pentest, which means we do not have permission. I personally think B is the correct answer.

RightAsTain

Yep, B is the correct answer. It's a third party and not identified, so it's out of scope. Found it, put it in the report. Not getting paid to pen test that.

rodwave

I agree with B here to disregard the IP range. The question says the range was unknown, so the range wasn't in scope anyway. Likely on purpose. I'd lean towards C if the tester discovered a tunnel to an unknown entity within the IP scope.

cy_analyst (Option: C)

The BEST action for the penetration tester to take in this scenario is to immediately stop the assessment and inform the appropriate personnel. Option C is the correct answer. As a penetration tester, it is important to follow a strict code of ethics and always act in a responsible and professional manner. The fact that the IP range is part of an always-on VPN tunnel to a third-party supplier means that it is likely not within the scope of the assessment, and attempting to exploit or pivot through the VPN tunnel could result in serious consequences for both the penetration tester and the third-party supplier. In addition, the fact that the IP range was previously unknown suggests that it may be a critical component of the network infrastructure, and any unauthorized access or activity could potentially cause significant damage.

[Removed]

Yes, after reading, you're right.

[Removed]

What do you think about question 18?

cy_analyst

Have a look.

kenechi (Option: C)

C - You stop the assessment immediately and inform the emergency contact. B - Disregarding the IP range as it is out of scope is wrong. It is illegal to scan another client's IP range without permission. You have gained access into the third-party supplier's VPN tunnel, which is illegal.

Skater_Grace (Option: B)

If the question says "a third-party supplier", it means the pentester must be aware of the supplier. The IP range must be out of scope; that is why it is unknown.

kloug

ccccccccccccccc

[Removed]

It's third party, out of scope, so B is the answer.

stinger00541 (Option: B)

I have to go with B. It says it's a VPN to the 3rd party supplier. This is common. Just because it's unknown to the pentester doesn't mean it's malicious, it's just out of scope. Disregard and move on.

shaneo007 (Option: B)

B. Disregard the IP range, as it is out of scope

deeden (Option: C)

Agree with C. This could be one of the reasons for communication - situational awareness. This may also lead to goal reprioritization if previously unknown IP range. I imagine the SOW document should have an out-of-scope list as well as in-scope IP ranges.

Alizade (Option: C)

C. Stop the assessment and inform the emergency contact.

sdfdsf123 (Option: B)

"previously unknown IP range" - to whom? To the pentester? That means it's not in scope, but doesn't say anything about it being in any way suspicious or unknown to the client. If it's unknown to the client, then C, but that's information that is unknown to the pentester (that the IP range is unknown to the client).

solutionz (Option: C)

Penetration testing must always be conducted within the boundaries and scope defined by the client, including adherence to legal and ethical guidelines. If the penetration tester encounters an IP range or network segment that wasn't identified in the scope of the engagement, it would be inappropriate to continue probing, exploiting, or utilizing that range without proper authorization. The most responsible course of action would be to: C. Stop the assessment and inform the emergency contact.

KingIT_ENG (Option: C)

C is correct. You stop the assessment immediately.

nickwen007 (Option: A)

The best action for the penetration tester to take is A. Utilize the tunnel as a means of pivoting to other internal devices. By using the VPN tunnel, the penetration tester can gain access to other internal systems, allowing them to gain a deeper understanding of the architecture and potential vulnerabilities.

[Removed]

C is the answer for sure

[Removed] (Option: B)

B is correct

pi123 (Option: D)

D. It is a pentest and finding additional systems to exploit is your job as a pentester.

Random_Mane

Breaking ROE and scanning a third party probably isn't the best way to do business.