Skip to content

Dry Run

Dry Run: CTFd Activity Prompt

This is a Dry Run Operation to prepare you for tomorrow’s real operation. You will be provided with a mission tasks sheet, Rules of Engagement, and scope.

Maintain 'low visibility' on the wire, as security products may be in place, and document your actions and results as you will be expected to provide Operation Notes at the end of the operation.

Take notes on this document

Dry Run Operation DD MMM YYYY Start Time: 0830 Duration: 3 Hours

nformation Systems Penetration Test

Actively exploit and attack networked Information Systems for the purposes of identifying and reporting vulnerabilities.

Perform all tasks outlined in this document.

Mission Scope:

  • All public facing systems of target entity excluding devices responsible for networking (routers, switches, etc).
  • Known web address will be supplied out of band.
  • Internal network of target entity devices responsible for networking (routers, switches, etc)

Rules of Engagement:

  • Google documents, and all other shareable document platforms, are forbidden during this operation. +
  • All communication platforms and applications, such as Slack or G-mail, are forbidden during this operation.
  • You are authorized to modify passwords to user accounts.
  • Writing to disk is authorized on all machines.
  • You will not destroy data/systems, perform Denial of Service (DoS), or otherwise disrupt business operations of any entity during this penetration test.
  • You will not use Metasploit tools for any affect with the exception of shell-code generation.
  • You will not target routers, switches or other networking devices.
  • You will not target entities or systems outside of the scope previously defined.
  • You will not interfere with other entities operations in any way.

Prior Approvals:

  • Open Source Intelligence (OSINT) through publicly available resources.
  • Scrape appropriate web content that will provide operational data.
  • Testing of found credentials.

Disapproval

  • Do not modify network device configurations.
  • Do not destroy data.

Dry Run: Instructor Class Explanation

Objective(s):

The following objectives are:

  • To challenge the students ability to enumerate, analyze, and assess the situation by applying critical thinking skills to perform necessary actions to meet the objectives.
  • To assess the students ability to perform the techniques, tactics and knowledge gained throughout the Security module.
  • To provide the students an opportunity to evaluate, assess and improve their methodologies.

Format:

  • There are no CTFd challenge flags for the Dry Run.
  • Students will be guided by an objectives list (see Dry Run Document)
  • Students will need to meet the conditions detailed in the Dry Run Document, under each specified host, in order to complete the objectives before moving onto the next host