
# Rules of engagement

General checklist

1. Ensure all questionnaire information has been completed. The in-scope IP addresses are needed the business day before testing. If scope IP addresses have been provided:
2. Confirm that ALL IP addresses provided are in-scope, especially if the client provided subnet ranges (e.g. 10.0.0.0/24, where the /# suffix denotes the subnet range).
3. Check whether the scope is for a maximum of 'X' hosts but the client handed you a larger number of hosts. In that case, you'll need to remind the client of the scope and ask them to narrow the target hosts/networks down to match what they paid for and the assessment window.
4. Are any targets legacy or fragile systems which may need additional care to preserve uptime?
5. What is your biggest priority to protect?
6. What is your account lockout policy? Should we encounter a login interface and attempt password spraying attacks, we would like to avoid causing lockout disruptions. Note: The easiest way for the client to find this if unknown is to open a cmd prompt and enter `net accounts`.
7. Also check:

   ```
   Lockout threshold
   Lockout duration
   Lockout observation window
   ```
8. Does your network or any web application store/process personal information or PCI data (credit cards, bank accounts, financial statements)? Should this be prioritized?
9. Does the network have any segmentation that we should be aware of?
10. Will a valid domain user account be provided for testing, simulating the initial compromise of a single employee's credentials/workstation?
11. When onsite, are we permitted to interact with unlocked employee workstations?
12. Will we be facing controls such as Cisco ISE or NAC (Network Access Controls)? If yes - are we allowed to physically bypass these controls by moving around the building and searching for unsecured ports / hijacking ports from other devices such as printers/phones/audio equipment?
13. Can we test into the evening / after normal business hours?
14. On arrival to the site, should we immediately introduce ourselves to a receptionist? Or are we permitted to simply walk in, see if we are stopped, and if not find a desk/open network port and begin initial testing?
15. Dress code?
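
Items 2 and 3 can be checked mechanically before the kickoff call. The following is an added example, not part of the original checklist: it expands the client's scope lines, drops entries already covered by a wider range, and compares the host count with the contracted cap. The function names, the sample scope and the cap of 256 are assumptions made for illustration.

```python
import ipaddress

def usable_hosts(net):
    """Addresses a host could hold: IPv4 ranges wider than /31 lose network and broadcast."""
    if net.version == 4 and net.prefixlen < 31:
        return net.num_addresses - 2
    return net.num_addresses

def review_scope(entries, max_hosts):
    """Check client-supplied scope lines against the contracted host cap."""
    nets, ambiguous, errors = [], [], []
    for raw in entries:
        text = raw.strip()
        if not text:
            continue
        try:
            iface = ipaddress.ip_interface(text)
        except ValueError as exc:
            errors.append(f"{text}: {exc}")
            continue
        # "10.0.1.5/24" has host bits set: one host or the whole /24? Ask the client.
        if iface.ip != iface.network.network_address:
            ambiguous.append(text)
        nets.append(iface.network)
    # Drop entries already covered by a wider range so no host is counted twice.
    unique = sorted(
        {n for n in nets
         if not any(n != o and n.version == o.version and n.subnet_of(o) for o in nets)},
        key=lambda n: (n.version, n),
    )
    # Upper bound on hosts: every usable address in every range is assumed in play.
    total = sum(usable_hosts(n) for n in unique)
    return {
        "ranges_to_confirm": [str(n) for n in unique if n.num_addresses > 1],
        "ambiguous": ambiguous,
        "errors": errors,
        "total_hosts": total,
        "over_cap": total > max_hosts,
    }

# Constructed sample scope and cap, not taken from any real engagement.
SAMPLE = ["10.0.0.0/24", "10.0.0.17", "10.0.1.5/24", "10.0.2.10", "10.0.3.999"]

if __name__ == "__main__":
    for key, value in review_scope(SAMPLE, max_hosts=256).items():
        print(f"{key}: {value}")
```

Anything listed under `ranges_to_confirm`, `ambiguous` or `errors` goes back to the client for written confirmation before testing starts.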


