Common Legal Documents

You probably wont see too much of the Sales documents unless you're higher up. They contain contract agreements and sales information

Sales Documents

  • Mutual Non-Disclosure Agreement (NDA)

    • Even before the contract is signed, the client will make you sign an NDA so you cant tell anybody about things specific to their network

    • Will come early on in sales process or right before ROE

    • Find out whats the goal and what they want done

  • Master Service Agreement (MSA)

    • Contractual Document

    • Specify performance objectives and outline the responsibilities of both parties

    • Blanket agreement that covers multiple contracts; legal mumbo jumbo

  • Statement of Work

    • Specific to one contract

    • Specify activities, deliverables, timelines, quotes

We will do an AD network pentest starting from this day and ending on this day; we will deliver you a findings report at the end and it'll cost this much

  • Sample Report, Recommendation Letters, etc.

Before you test

  • Rules of Engagement or CYA (cover yo ass)

    • Covers specifics of the testing

    • Says what you can and can't do

    • Commonly DoS attacks are off the table because you dont want to disrupt their work (ALWAYS)

    • Social engineering is usually off the table as well as it is usually its own test by itself

DO NOT START A PENETRATION TEST UNTIL THE ROE IS REVIEWED AND SIGNED

PreviousFindings ReportNextInitial Enumeration

Last updated

Was this helpful?