Ok, in my folder on USHEdump there is a word doc called WSU-Report-Draft-1.0.docx. Please take a look at it today. Andrea has a meeting with her Infosec Task Force tomorrow at 1PM. If you have anything to add or change in this draft I need it before ~10 AM tomorrow.
Things I need your help with:
-I added a section in the executive summary called Summarized Finding that has some very brief stuff about what we found and were able to do. I don't like the heading name and I'm not sure if what I've got there is the right stuff or not. Please offer any suggestions.
-Chuck, I need some help making control 16 coherent. I added what you sent me yesterday in the recommendations as I thought it fit best there, but there is a lot of stuff in the findings that is verbatim from last year including stuff about their now old-news AD implementation. Anything you can do there would help.
-In the Penetration Testing detailed findings:
I reworked everything to have 3 sections: Tests and Findings Recommendations References (Optional)
This seemed to work best based on the subtly different formats I got from everyone. I mashed together some of the findings, Jake and Dave both had unauthenticated SMB shares writeups so they were combined. I included Jake's access to Lucas' workstation in with Chuck's writeup on using his credentials to pwn Banner, etc.
-Positive Findings:
This section is way anemic, and my brain hurts from staring at this report for three straight days, I'm having a hard time thinking of nice things. If you have something nice to say about Weber, let me know and I'll amend that section.
-Grammer, spelling, ugly verbiage, formatting critiques etc.
Thanks all of you for your hard work on your sections and help with the report in general.
Andrew
On 01/07/2014 04:39 PM, Andrew Goble wrote:
Alright, I've gotten stuff back from everybody and am putting the report together for a first draft. Andrea has a meeting with a committee on Thursday afternoon, she has requested a draft by then if possible. I will post a first draft late tonight or first thing in the morning for your review. Will let you all know when it's posted. You'll have roughly 24 - 36 hours to review it. We can make big changes if necessary even after I send it to Andrea, but it would be nice if you could all take a look sometime tomorrow to make sure there aren't major glaring problems.
Also, Jake sent in a couple of positive findings that I think I'll include in the report. if you have any positive findings you wish to highlight, please send those to me ASAP. I plan on having a single section devoted to that, so I just need to know what the positive finding is and a real brief blurb about it.
Thanks, Andrew _______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess