Clients often want to know the progress during testing, and sometimes IT/SOC staff want to know if a recent change in a configuration or activity is related to our testing (vs. a possible unauthorized attacker). Because of this, during testing, we relay information in multiple methods.
One method PEN Consultants uses to keep you abreast of the details of testing is through real-time notes and a journal-style timeline of every major task or simulated attack. Each command we run, or tool we use, is timestamped and listed as it is being run. Our “to do” list, “tasks complete” list, and every confirmed vulnerability or finding is also documented in real-time. These live notes are features unique to PEN Consultants since 2014 and have proven to be extremely valuable to many of our clients.
Note: In both cases, these entries are raw notes that would be roughly equivalent to quickly writing on a notepad. Because of this, they are not spell or grammar checked and will not have all of the details and recommendations listed. Those details, along with a professional report, are provided after testing is complete.