How to present hacking / pentest findings to non-technicals?


Post by tremor77 on Mon Nov 14, 2016 2:45 pm

Dilemma... you're banging away at pen-testing for a big client. Intranet, routers and WAPs, servers, cloud servers, cloud applications, websites, IoT devices, other random crap.

You've got all sorts of good data.. open ports, CVEs, vulnerabilities, and generally interesting items that you think should be addressed, from.. hey your website is a 3 yr old version of WordPress to OMG you've got plain text password authentication to your payroll system over an open wifi router that could easily be evil twinned.

The problem is, you need to present this data, and not to an IT person but rather, at a high level to a business person who wants charts and graphs.. pretty colors and literally 5 minutes of his time.

My question is, what do you use to present an articulate and detailed presentation for an accumulation of data collection for security and testing... but in a way that's simple and brief (obviously we can attach the gory details in whitepaper format later on for the IT people to look at). Any suggestions?


Re: How to present hacking / pentest findings to non-technicals?

Post by limdis on Mon Nov 21, 2016 8:29 am

Hey man, a little late responding so hopefully you can see this before you have to make your presentation.

I went through this just last week. We had to present the audit findings to our board, which is comprised of accountants who are also members of a large investment group. What you need to focus on is what they understand. In my case, it was money. I could have told them literally anything as long as the threat of damages was high enough and a cost-effective solution was viable and quick. We threw in some flash regarding damaging reputations with a handful of charts and it went pretty smoothly. You'll never get them to fully understand in the time you need. So get flashy, tell them how damages would apply to them if exploited and not so much the fine details. Leave that for the white paper.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: How to present hacking / pentest findings to non-technicals?

Post by ronanroger on Fri Dec 06, 2019 4:45 am

I really appreciate the information in your post. We know that hacking is an illegal thing. I am also using an Asus router for my internet connection. Recently I can't log in to the Asus router, and for that reason I could not get internet access. I could not tell whether the password was hacked or not, because I tried many possible processes but could not log in. If anyone has a solution, please suggest it to me.


