Persuasive Thesis Statement Instructions

Persuasive Thesis Statement Instructions: Use the information in the Persuasive Strategy folder and Writing Essay 3 instructions to create a debatable persuasive thesis statement. Include the Topic and state the Purpose (choose one of the three purposes). Then type your tentative persuasive thesis statement (consider using must, must not, should, or should not).

Penetration Test Proposal Deliverable 2: Reconnaissance Plan and Scanning Plan. Provide a Reconnaissance Plan Overview summarizing the Reconnaissance phase. Identify specific passive and active reconnaissance methods and demonstrate a structured, ordered methodology while gathering key information that could be used to penetrate the network and systems of Haverbrook Investment Group. Provide a Scanning Plan Overview summarizing the Scanning phase. Outline Tactics, Techniques, and Procedures: discuss specific use cases to discover and enumerate information for potential exploitation (for example usernames, machine names, shares, and services). Identify any software, applications, or scripts needed and describe how they will be used to gather information about Haverbrook's systems. Include References.

Paper For Above Instructions

Part A — Persuasive Thesis Statement

Topic: Mandatory annual penetration testing and enhanced network controls at Haverbrook Investment Group.

Purpose: To invite or convince an audience to change position or adopt a course of action (implement a formalized, recurring penetration testing program and improved network segmentation).

Persuasive Thesis Statement: Haverbrook Investment Group should implement mandatory annual penetration testing and enhanced network segmentation because these measures reduce breach risk, protect client data, and ensure regulatory compliance.

Part B — Penetration Test Proposal Deliverable 2: Reconnaissance Plan Overview

Overview: The Reconnaissance phase will systematically collect external and internal information about Haverbrook Investment Group to build an accurate attack surface map. Reconnaissance begins with passive OSINT collection to identify domain names, public IP ranges, email formats, employee names, and exposed services, then transitions to authorized active discovery (non-intrusive where possible) to validate and enrich findings before any vulnerability exploitation (NIST, 2008).

Reconnaissance Methods — Passive

1. OSINT Enumeration: Use WHOIS, DNS records, passive DNS, and public registries to identify domain ownership, name servers, subdomains, and historical changes (Bazzell, 2016). Tools: whois, DNSDumpster, VirusTotal, passive DNS feeds.

2. Search Engine Discovery and Google Dorking: Use advanced operators (site:, filetype:, intitle:, inurl:) against indexed pages to find exposed configuration files, login portals, and document metadata that leaks usernames or internal hostnames; record each query and its hits so the findings are reproducible in the report (Bazzell, 2016).

3. Shodan/ZoomEye: Identify internet-exposed hosts and services (e.g., IP cameras, outdated servers) and retrieve banners for service fingerprinting (Matherly, 2010).

4. Social Media and Corporate Sites: Collect employee names, roles, and the organization's email address format from LinkedIn and company pages to build targeted username lists. These lists feed the later, authorized credential-testing phase; they are not credentials in themselves and no password guessing takes place during reconnaissance (Bazzell, 2016).
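The username-list construction described above is the step most often done by hand. The following added example (not code from the original plan) automates it: it normalises scraped names (accents, apostrophes, hyphens, multi-word first names) and expands them through a set of candidate email formats. The employee names, the formats, and the domain example.invalid are constructed placeholders, not Haverbrook data; on a real engagement the formats are inferred from a few addresses found during OSINT.

```python
"""Build candidate username lists from OSINT-derived employee names.

Added example, not part of the original plan. EMPLOYEES, FORMATS and
EXAMPLE_DOMAIN are constructed placeholders, not Haverbrook data.
"""
import re
import unicodedata

# Constructed sample: (first name, last name) pairs as scraped from a
# corporate site or LinkedIn. Diacritics, apostrophes and hyphens are
# common and must be normalised before they become login names.
EMPLOYEES = [
    ("Alice", "Martínez"),
    ("Bob", "O'Neil"),
    ("Carol Ann", "Smith-Jones"),
]

# Email formats expressed as tokens: first/last are full names, f/l initials.
FORMATS = ["{f}{last}", "{first}.{last}", "{first}{l}", "{f}.{last}"]

EXAMPLE_DOMAIN = "example.invalid"  # placeholder, not the client domain


def normalise(token: str) -> str:
    """Strip accents, punctuation and whitespace; lower-case the result."""
    ascii_form = unicodedata.normalize("NFKD", token).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", ascii_form.lower())


def candidates(first: str, last: str, formats=FORMATS) -> list:
    """Expand one person through every format, preserving order, no duplicates."""
    first_n, last_n = normalise(first), normalise(last)
    if not first_n or not last_n:
        return []
    seen, out = set(), []
    for fmt in formats:
        user = fmt.format(first=first_n, last=last_n, f=first_n[0], l=last_n[0])
        if user not in seen:
            seen.add(user)
            out.append(user)
    return out


def build_wordlist(employees, domain=EXAMPLE_DOMAIN) -> list:
    """Return de-duplicated user@domain candidates in a stable order."""
    seen, out = set(), []
    for first, last in employees:
        for user in candidates(first, last):
            addr = f"{user}@{domain}"
            if addr not in seen:
                seen.add(addr)
                out.append(addr)
    return out


if __name__ == "__main__":
    for line in build_wordlist(EMPLOYEES):
        print(line)
```

Keep the generated list small and format-driven rather than exhaustive: every entry becomes a probe against the client's mail or directory services later, so fewer, better-founded candidates means less noise and a lower lockout risk.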

Reconnaissance Methods — Active

1. DNS Enumeration and Subdomain Brute Force: Issue active DNS queries (A, AAAA, MX, TXT records and a zone-transfer attempt against each authoritative name server) and wordlist-based subdomain discovery to find unadvertised hosts such as staging, VPN, or administrative portals (Lyon, 2008).

2. Ping Sweeps and TCP/UDP Probes: Use masscan with a conservative --rate for broad discovery across the in-scope ranges, then narrow with Nmap to validate live hosts and enumerate only the ports masscan reported open (Lyon, 2008).

3. Banner Grabbing and Service Fingerprinting: Use Nmap and banner tools to identify service versions and potential vulnerable software (NIST, 2008).

4. User and Host Enumeration: With authorization, query exposed services such as SMTP (VRFY, EXPN, RCPT TO), SNMP (default community strings), LDAP (anonymous bind), and SMB/NetBIOS name services to enumerate machine names, shares, and user lists (Kim, 2018).
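The masscan-then-Nmap hand-off in the active methods above is where a plan usually stays vague. The added example below (not code from the original plan) does the narrowing step concretely: it parses masscan's -oL list output, collapses duplicate hits, and emits one rate-limited Nmap version scan per host restricted to the ports masscan already saw open. The masscan output is constructed sample data and the addresses are RFC 5737 documentation ranges, not Haverbrook systems; the --max-rate value is an assumed placeholder to be set from the rules of engagement.

```python
"""Turn masscan list output into narrow, throttled Nmap follow-up commands.

Added example, not part of the original plan. MASSCAN_OUTPUT is constructed
sample output in masscan's -oL format; the addresses are RFC 5737
documentation ranges, not Haverbrook systems.
"""
import shlex
from collections import defaultdict

MASSCAN_OUTPUT = """\
#masscan
open tcp 443 203.0.113.10 1700000000
open tcp 22 203.0.113.10 1700000001
open tcp 445 198.51.100.7 1700000002
open tcp 139 198.51.100.7 1700000002
open tcp 443 203.0.113.10 1700000003
open udp 161 198.51.100.7 1700000004
# end
"""


def parse_masscan(text: str) -> dict:
    """Map ip -> {proto -> set(ports)}; comments and duplicate hits are dropped."""
    hosts = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        fields = line.split()
        # -oL records look like: open <proto> <port> <ip> <timestamp>
        if len(fields) < 4 or fields[0] != "open":
            continue
        _, proto, port, ip = fields[:4]
        hosts[ip][proto].add(int(port))
    return {ip: dict(protos) for ip, protos in hosts.items()}


def nmap_commands(hosts: dict, max_rate: int = 100) -> list:
    """One Nmap version scan per host, restricted to the ports masscan saw
    open and rate-limited, so the follow-up stays narrow and quiet."""
    cmds = []
    for ip in sorted(hosts):
        protos = hosts[ip]
        spec = []
        if "tcp" in protos:
            spec.append("T:" + ",".join(str(p) for p in sorted(protos["tcp"])))
        if "udp" in protos:
            spec.append("U:" + ",".join(str(p) for p in sorted(protos["udp"])))
        cmd = ["nmap", "-sS"]
        if "udp" in protos:
            cmd.append("-sU")  # UDP ports need a UDP scan type as well
        cmd += ["-sV", "--script", "safe", "--max-rate", str(max_rate), "-Pn",
                "-p", ",".join(spec), "-oX", f"nmap_{ip}.xml", ip]
        cmds.append(shlex.join(cmd))
    return cmds


if __name__ == "__main__":
    for c in nmap_commands(parse_masscan(MASSCAN_OUTPUT)):
        print(c)
```

Writing the commands out rather than executing them keeps a reviewable record of exactly what will be sent, which is what the authorization and auditability requirements later in this plan call for; -oX output per host is what the scanning phase parses.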

Scanning Plan Overview

Overview: The Scanning phase follows reconnaissance and focuses on targeted enumeration and vulnerability identification of the discovered hosts and services. Scanning will prioritize high-value assets and follow an ordered, minimally disruptive approach: discovery → fingerprinting → vulnerability scanning → validation. All scanning activities will be scheduled in coordination with Haverbrook’s IT and performed under written authorization to avoid business disruption (NIST, 2008).

Tactics, Techniques, and Procedures (TTPs) — Use Cases

Use Case 1 — Enumerate Usernames: Combine OSINT-derived name lists with LDAP/Active Directory queries (where permitted), SMTP VRFY/RCPT TO enumeration, and SMB RID cycling (enum4linux, ldapsearch) to compile probable username lists. Validate the lists with low-rate, lockout-aware checks before any credential testing begins (MITRE ATT&CK T1087, Account Discovery).

Use Case 2 — Discover Machine Names and Shares: Use NetBIOS/SMB enumeration tools (smbclient, enum4linux, nbtscan) to list machine names, SMB shares, and share permissions; test for null-session or anonymous access and for weak permissions that could expose sensitive files (Kim, 2018).

Use Case 3 — Service Enumeration and Versioning: Perform Nmap version scans and banner grabs to identify services and versions (e.g., outdated Apache, SMBv1) that map to known CVEs and exploitation paths (Lyon, 2008; MITRE, 2022).

Use Case 4 — Web Application Discovery: Map web applications and endpoints using Burp Suite and Nikto and enumerate directories with gobuster to locate login panels, API endpoints, and misconfigurations (OWASP, 2021).
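Use Case 3 ends with "map to known CVEs", which presupposes a clean inventory of host, port, service, and version. The added example below (not code from the original plan) builds that inventory from Nmap's -oX output and attaches flags for two findings the text names: SMBv1 still enabled (read from the smb-protocols NSE script result) and an end-of-life Apache httpd 2.2 branch. The XML is a constructed, trimmed Nmap document using RFC 5737 addresses and a placeholder hostname; it is not scan data from Haverbrook, and the flag rules are illustrative starting points rather than a full vulnerability feed.

```python
"""Parse Nmap -oX output into a service inventory and flag risky findings.

Added example, not part of the original plan. SAMPLE_NMAP_XML is a
constructed, trimmed Nmap XML document using RFC 5737 addresses and a
placeholder hostname; it is not scan data from Haverbrook.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV --script safe -oX -">
<host>
  <status state="up"/>
  <address addr="198.51.100.7" addrtype="ipv4"/>
  <hostnames><hostname name="fs01.example.invalid" type="PTR"/></hostnames>
  <ports>
    <port protocol="tcp" portid="445">
      <state state="open"/>
      <service name="microsoft-ds" product="Windows Server 2008 R2 microsoft-ds" ostype="Windows"/>
      <script id="smb-protocols" output="&#xa;  dialects: &#xa;    NT LM 0.12 (SMBv1) [dangerous, but default]&#xa;    2.02&#xa;    2.10"/>
    </port>
    <port protocol="tcp" portid="80">
      <state state="open"/>
      <service name="http" product="Apache httpd" version="2.2.15"/>
    </port>
  </ports>
</host>
<host>
  <status state="up"/>
  <address addr="203.0.113.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="443">
      <state state="open"/>
      <service name="http" product="nginx" version="1.24.0" tunnel="ssl"/>
    </port>
    <port protocol="tcp" portid="22">
      <state state="filtered"/>
    </port>
  </ports>
</host>
</nmaprun>
"""


@dataclass
class ServiceRecord:
    ip: str
    hostname: str
    proto: str
    port: int
    service: str
    product: str
    version: str
    flags: list = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list:
    """Return one ServiceRecord per open port on each host that is up.
    ElementTree is acceptable for output of a scanner you ran yourself;
    XML from an untrusted source should be parsed with defusedxml instead."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else ""
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else ""
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports carry no service to inventory
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            rec = ServiceRecord(ip, hostname, port.get("protocol"), int(port.get("portid")),
                                attrs.get("name", ""), attrs.get("product", ""),
                                attrs.get("version", ""))
            # smb-protocols lists "NT LM 0.12 (SMBv1)" when the legacy dialect is enabled
            for script in port.iter("script"):
                if script.get("id") == "smb-protocols" and "SMBv1" in (script.get("output") or ""):
                    rec.flags.append("smbv1-enabled")
            # Apache httpd 2.2 reached end of life in 2017; flag the branch for CVE review
            if rec.product.startswith("Apache httpd") and rec.version.startswith("2.2."):
                rec.flags.append("apache-2.2-eol")
            records.append(rec)
    return records


def findings(records: list) -> list:
    """Records carrying at least one flag, i.e. the input to the validation step."""
    return [r for r in records if r.flags]


if __name__ == "__main__":
    for r in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(f"{r.ip:15} {r.proto}/{r.port:<5} {r.service:12} {r.product} {r.version} {r.flags}")
```

A version string from -sV is a fingerprint, not proof: each flagged record still needs the validation step before it is reported as a vulnerability, which is why the flags are kept separate from the inventory fields.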

Software, Applications, and Scripts

Nmap: Primary network discovery and service fingerprinting; use -sS/-sV with --script safe so that only NSE scripts in the non-intrusive category run, and write -oX output as evidence for the report (Lyon, 2008).

Masscan: High-speed host discovery for large IP ranges; results refined with Nmap (Lyon, 2008).

Shodan & ZoomEye: Passive discovery of exposed infrastructure and historical footprints (Matherly, 2010).

theHarvester / Recon-ng / Maltego: Aggregation of email, domain, and employee information from public sources (Bazzell, 2016).

enum4linux, smbclient, nbtscan: SMB/NetBIOS and Active Directory enumeration for machine names, shares, and user lists (Kim, 2018).

Nessus or OpenVAS: Authenticated and unauthenticated vulnerability scanning to identify missing patches and known CVEs; use authenticated scans for depth where credentials are provided (Tenable, 2020; Greenbone, 2020).

Burp Suite, Nikto, and OWASP ZAP: Web application scanning and manual inspection of application behavior and input validation (OWASP, 2021).

Custom scripts: Python scripts leveraging requests, ldap3, and SMB libraries to automate specific enumeration tasks while logging for auditability (Kim, 2018).

Methodology and Order

1. Authorization & Rules of Engagement: Confirm written authorization and define out-of-scope assets and time windows (NIST, 2008).

2. Passive OSINT collection to limit noise and build target lists (Bazzell, 2016).

3. Non-intrusive active discovery (ping, port scans with rate limits) to validate hosts (Lyon, 2008).

4. Focused enumeration of services and credentials using authenticated scans if credentials provided, followed by vulnerability scans (Tenable, 2020).

5. Reporting: Produce a prioritized findings report with risk ratings, evidence, recommended remediation, and retesting guidance (NIST, 2008).
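Step 1 of the methodology (written authorization, out-of-scope assets, time windows) and the throttling requirement in step 3 are easy to state and easy to violate by a mistyped range. The added example below (not code from the original plan) encodes a rules-of-engagement fragment and refuses to produce a target list outside the approved window or for any address that is excluded or not in scope, with exclusions taking precedence. The CIDRs are RFC 5737 documentation ranges and the window and rate cap are placeholders, not Haverbrook's agreed scope or schedule.

```python
"""Enforce rules of engagement before any packet is sent.

Added example, not part of the original plan. RULES is a constructed
rules-of-engagement fragment: the CIDRs are RFC 5737 documentation ranges
and the window and rate cap are placeholders, not Haverbrook's agreed scope.
"""
import ipaddress
from datetime import datetime, time, timezone

RULES = {
    # Client-approved target ranges
    "in_scope": ["203.0.113.0/24", "198.51.100.0/25"],
    # Exclusions always win over in_scope (e.g. the gateway and a hosted segment)
    "out_of_scope": ["203.0.113.1/32", "198.51.100.64/26"],
    # Approved testing window in UTC, half-open [start, end); may wrap midnight
    "window_utc": ("01:00", "05:00"),
    # Cap handed to scanners as --max-rate to avoid denial-of-service side effects
    "max_rate": 100,
}


def classify(ip_str: str, rules: dict) -> str:
    """Return "ok" or the reason a target must not be scanned."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "invalid address"
    if any(ip in ipaddress.ip_network(n) for n in rules["out_of_scope"]):
        return "explicitly excluded"
    if not any(ip in ipaddress.ip_network(n) for n in rules["in_scope"]):
        return "not in scope"
    return "ok"


def within_window(now_iso: str, window: tuple) -> bool:
    """now_iso is an ISO-8601 timestamp carrying a UTC offset; window is
    ("HH:MM", "HH:MM") in UTC and may wrap past midnight."""
    now = datetime.fromisoformat(now_iso)
    if now.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset")
    t = now.astimezone(timezone.utc).time()
    start, end = (time.fromisoformat(s) for s in window)
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def plan_scan(candidates: list, rules: dict, now_iso: str) -> tuple:
    """Split candidates into (allowed, rejected). Outside the approved window
    the function raises instead of returning, so an out-of-hours run fails closed."""
    if not within_window(now_iso, rules["window_utc"]):
        raise RuntimeError("outside approved testing window; do not scan")
    allowed, rejected = [], []
    for target in candidates:
        verdict = classify(target, rules)
        if verdict == "ok":
            allowed.append(target)
        else:
            rejected.append((target, verdict))
    return allowed, rejected


if __name__ == "__main__":
    ok, bad = plan_scan(["203.0.113.10", "203.0.113.1", "198.51.100.200", "bogus"],
                        RULES, "2024-01-01T02:00:00+00:00")
    print("scan:", ok, "--max-rate", RULES["max_rate"])
    print("skip:", bad)
```

Feeding scanners only from the allowed list (and passing RULES["max_rate"] as their rate cap) turns the written authorization into a mechanical check, and the rejected list with its reasons is worth keeping as part of the engagement log.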

Ethical, Legal, and Operational Considerations

All activities will adhere to legal and contractual constraints; testing will only proceed with explicit written authorization. Scans will be throttled to avoid denial-of-service risks and scheduled during approved windows. Sensitive discoveries (PII, client data) will be handled per agreed disclosure and data protection policies (NIST, 2008).

Conclusion

This combined deliverable provides a persuasive rationale for instituting mandatory penetration testing at Haverbrook Investment Group and a concrete Reconnaissance and Scanning Plan to execute authorized testing. The approach balances passive discovery, careful active enumeration, and validated scanning tools to identify usernames, machine names, shares, and services for prioritized remediation (MITRE, 2022; OWASP, 2021).

References

  • NIST. (2008). NIST Special Publication 800-115: Technical Guide to Information Security Testing and Assessment. National Institute of Standards and Technology. https://nvlpubs.nist.gov
  • MITRE. (2022). ATT&CK® Framework. MITRE Corporation. https://attack.mitre.org
  • OWASP. (2021). OWASP Testing Guide. Open Web Application Security Project. https://owasp.org
  • Matherly, J. (2010). Shodan: The search engine for the Internet of Things. Shodan. https://www.shodan.io
  • Lyon, G. F. (2008). Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure.Com LLC.
  • Tenable. (2020). Nessus Documentation and Best Practices. Tenable, Inc. https://www.tenable.com
  • Greenbone Networks. (2020). OpenVAS / Greenbone Vulnerability Management documentation. https://www.greenbone.net
  • Kim, P. (2018). The Hacker Playbook 3: Practical Guide To Penetration Testing. Secure Planet LLC.
  • Bazzell, M. (2016). Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information. IntelTechniques.
  • Purdue OWL. (n.d.). Purdue Online Writing Lab: Thesis Statements. Purdue University. https://owl.purdue.edu