Second Part

Performing reconnaissance without informing the client

Obtaining explicit informed consent from the organization

Only testing public-facing systems without permission

Sharing test results with third parties for verification

Avoiding vulnerability disclosure to keep systems secure

Providing detailed findings and remediation steps to the client

Conducting stealth testing without client awareness

Expanding the scope of testing without permission

Secure only cloud-based systems from cyber threats.

Ensure adherence to national cybersecurity requirements.

Protect personal data of EU citizens.

Prevent physical theft of IT equipment.

GDPR

EG-CERT

PCI-DSS

ISO 27001

Preventing phishing attacks targeting employees

Ensuring compliance only for organizations in the financial sector

Protecting sensitive cardholder data such as card numbers and expiration dates

Encrypting all email communications between customers and merchants

Ignore low-severity vulnerabilities as they do not affect compliance q

Remediate identified vulnerabilities based on penetration testing recommendations

Document vulnerabilities without implementing changes

Perform penetration testing only after the annual compliance review

Lateral Movement

Data Exfiltration

Command and Control

Reconnaissance