Day 5 of 5
⏱ ~60 minutes
Ethical Hacking in 5 Days — Day 5

Reporting & Remediation

A penetration test without a report is worthless. Today you learn to write executive summaries, technical findings, and remediation recommendations that both the CISO and a sysadmin can act on.

Pen-Test Report Structure

A professional report has four sections: (1) Executive Summary — business risk in plain English; (2) Scope and Methodology — what was tested, how, and when; (3) Findings — each vulnerability with risk rating, evidence, and remediation; (4) Appendices — raw tool output, screenshots, and CVE references. Use the CVSS 3.1 scoring system for consistency.

Writing Effective Findings

Each finding follows a template: Title, CVSSv3 Score, Affected Systems, Description, Evidence (screenshot + command output), Business Impact, and Remediation Steps. Be specific about remediation — 'patch the server' is useless. 'Apply Microsoft Security Update KB5012170 to remediate CVE-2021-34527 (PrintNightmare)' is actionable.

Remediation Recommendations

Recommendations must be prioritized by risk and effort. Critical/High findings require immediate patching. Medium findings go on a 30-day remediation plan. Low findings are tracked in a risk register. Always include a re-test recommendation — fixes need validation. Many firms offer a free re-test as part of their engagement fee.

FINDING: Unauthenticated Remote Code Execution via EternalBlue
CVSSv3 Score: 9.8 (Critical)
Affected System: 192.168.1.100 (WIN-DC01)

Description:
The target system is missing MS17-010, allowing an
unauthenticated attacker to execute arbitrary code as
SYSTEM via the SMBv1 protocol (CVE-2017-0144).

Evidence:
[Screenshot: meterpreter shell with 'getuid' output]
Server username: NT AUTHORITY\SYSTEM

Business Impact:
An attacker with SYSTEM access on the domain controller
can extract all Active Directory credentials, enabling
complete domain compromise and ransomware deployment.

Remediation:
1. Disable SMBv1 immediately (Set-SmbServerConfiguration
   -EnableSMB1Protocol $false)
2. Apply MS17-010 security update
3. Block inbound TCP/445 at perimeter firewall
Timeline: Immediate (within 24 hours)
💡 Proofread your report as carefully as your code. Typos and factual errors destroy client confidence. Have a colleague review findings before delivery.
📝 Day 5 Exercise
Write Your First Pen-Test Report
  1. Download a professional pen-test report template (PentestGeek or TCM Security both offer free templates)
  2. Write an Executive Summary for your Metasploitable lab engagement (2 paragraphs max)
  3. Write 3 full findings using the template above for the vulnerabilities you exploited
  4. Assign CVSS 3.1 scores to each finding using the NVD CVSS calculator
  5. Write specific, dated remediation recommendations for each finding

Day 5 Summary

  • Reports have four sections: Executive Summary, Scope, Findings, Appendices
  • Each finding needs a CVSSv3 score, evidence, and specific remediation steps
  • Remediation priorities: Critical/High immediate, Medium 30 days, Low risk register
  • Always recommend a re-test to validate fixes
  • Plain English in the executive summary — assume zero technical knowledge
Challenge

Complete a full mock pen-test report for your Metasploitable lab engagement covering all vulnerabilities you found across Days 1-4. Aim for a polished, professional document you could show in a job interview.
