Clients often want to know the progress during testing, and sometimes IT/SOC staff want to know if a recent change in a configuration or activity is related to our testing (vs. a possible unauthorized attacker). Because of this, during testing, we relay information in the following ways:

• Secure communications and file transfer avenues to ensure your information remains protected
• Immediate notification if an imminent risk or compromise is identified
• 24-7 support – name, phone number, and email address of all security engineers performing tests
• Access to a live “blog” of sorts, which contains the following:
  • security engineers’ real-time, unedited, unfiltered notes about where they currently are in the testing process
  • what has already been tested/attacked
  • exploits used
  • any changes/modifications to your network as part of the testing
  • See examples below

One method PEN Consultants uses to keep you abreast of the details of testing is through real-time notes and a journal-style timeline of every major task or simulated attack. Each command we run, or tool we use, is timestamped and listed as it is being run. Our “to do” list, “tasks complete” list, and every confirmed vulnerability or finding is also documented in real-time. These live notes are features unique to PEN Consultants since 2014 and have proven to be extremely valuable to many of our clients.

Note: In both cases, these entries are raw notes that would be roughly equivalent to quickly writing on a notepad. Because of this, they are not spell or grammar-checked and will not have all of the details and recommendations listed. Those details, along with a professional report, are provided after testing is complete.

Excerpts from the Live Timeline

[SNIP]

[SNIP]

[SNIP]

[SNIP]

Excerpts from the Live Notes

[SNIP]

[SNIP]

[SNIP]

[SNIP]

[SNIP]

[SNIP]

[SNIP] [SNIP]