You are hired as part of a team of external Penetration Testers for a large enterprise network. The

organization that hired your team is in the retail industry and processes over 100,000 credit card

transactions everyday across 100 store locations. This organization has a very large network infrastructure

that connects their retail stores, business offices, and company headquarters. The Chief Information

Security Officer (CISO) would like your team to focus on their most critical systems and devices.
Prior to executing the penetration test, the CISO would like to meet with the team as they are nervous about

the test potentially bringing their network down. They would like to minimize impacts to their production

environment and ensure that their backup systems and devices are not targeted at the same time. They want

you to focus on the following: DNS servers, mail servers, web servers, database servers, firewalls, and

routers.
Your Team Lead would like you to develop a Test Plan for the penetration test.
1.0 Introduction
2.0 Overview of technical approach to conducting the test (high level methodology)
3.0 Detailed penetration testing (hacking) process
Note: Section 3 should include 1) attacks you will use, 2) tools, 3) timeline (you only have one week), 4)

reporting methods if major issues occur or if you identify incidents in their environment. You may make

these as sub-sections if you’d like (e.g., 3.1 Attacks Used, 3.2 Tools Used, etc.)
4.0 Summary