Module 1

1.1

Watch: A Real Readout

The video below is a recorded readout session from a penetration testing engagement. A consultant presents their findings from an Active Directory assessment, walks through the attack chain, and then faces questions from the client.

Pay attention to three things:

What they lead with. Notice how the presenter leads with the executive summary, out of consideration for the non-technical people in the meeting. Then, when they turn to the findings, they start with the finding that carries the highest business risk.

How they handle questions. The client asks questions that have nothing to do with exploits. They ask about business risk, prioritization, and confidence levels. There will be either a readout call with just the developers and a separate one with the business folks, or a single call with everyone on it, so you have to cater to both audiences.

The artifacts. The presenter is working from a report they wrote. Everything you see in this readout was produced during the engagement cycle you’re about to learn.

This is where the course ends. Everything after this lesson teaches you how to get to this moment. Are you ready?

After watching, answer the observation questions in the challenge panel. These aren’t trick questions; they are designed to make you watch actively instead of passively.

Challenge

Active Observation: Watch the Readout

Post-Video Questions

1 / 3

What type of finding did the presenter lead with?

2 / 3

What did most of the client's questions focus on?

3 / 3

What artifacts did the presenter reference during the readout?