noshitsecurity

sincera's pandora

NSS Rules of Engagement



Primary Contact: flags@noshitsecurity.com

Secondary Contact: support@noshitsecurity.com


Target Organization Contact Information

Primary Contact: same

Secondary Contact: same


Briefings

“Daily Debriefing” Frequency: daily

“Daily Debriefing” Time/Location: #ctf-discussion, #genius


Start date

Start Date of Penetration Test: 09/16/2020 0001 CDT

End Date of Penetration Test: never

Testing Occurs at Following Times: always

Will test be announced to target personnel: no

Will target organization shun IP addresses of attack systems: no


Shunning

Does target organization’s network have automatic shunning capabilities that might disrupt access in unforeseen ways (i.e. create a denial-of-service condition), and if so, what steps will be taken to mitigate the risk:

backoff or strikeout; wait


Would the shunning of attack systems conclude the test: no

If not, what steps will be taken to continue if systems get shunned and what approval (if any) will be required:


Gather your resources

What can you do with what you have?

Move forward however you can


Target systems

https://www.noshitsecurity.com and the VMs located there only.

Is this a “black box” test: yes


What is the policy regarding viewing data (including potentially sensitive/confidential data) on compromised hosts:

Please do not publicly disclose techniques or the contents of keys

Please do not publicly disclose techniques or the contents of eggs

Please do not publicly disclose PGP private keys used in the CTFs


Will target personnel observe the testing team: yes



Signature of Primary Contact representing Target Organization


09-16-2020

Date