Conducting a Penetration Test

During my exchange semester I took the course “Penetration Testing”, which focused on the approaches an intruder might take to gain access to systems and what tools they may use. An additional focus on ethics was made.

In the final project of the course we had to conduct a full penetration test of a fictitious company Nidelv Productions. The goal of the assignment was to find six flags hidden in the companies network and to write a report adressed to the IT personnel in charge of the infrastructure. The report should contain found vulnerabilities and risks and give recommendations on what issues should be addressed first based on both perceived risk of exploitation and expected difficulty of remediation.

Given was a public IP address of the company and a rough sketch of the network.

Read the full report here