2.3. Codes, Call Signs and Communication
Before venturing into the field, it is useful to have a predefined list of code words and abbreviations regardless of what communications technology you choose to adopt. This is useful for speed of communication, security, and eliminating confusion and ambiguity. Some of these terms have been decided for us by historical convention; some are specific to the information that a penetration testing team will need to communicate and others are specific to an individual operating team.
The terms in Table 2.2 are drawn from my own experience and should be considered as suggestions. The terminology is not complete, to encourage readers to develop their own communication protocols according to their needs. Ensure that all team members are fluent with any adopted communication conventions.
In a simple test scenario as detailed in the last section, communication conventions are not necessary. However, when tests become complicated, with multiple team members in different locations, you should definitely establish and use communications protocols.
Category | Term | Meaning |
---|---|---|
Requesting or giving information | Roger | Acknowledged. |
Cancel my last | Ignore my last message | |
Stand down | Cancel test | |
Operating team designations | Alpha | A collective term for the operating team. |
Six | The team leader. This is drawn from American military parlance and is used for want of anything better. | |
One, Two, Three, etc. | Team members. | |
Target personnel | Tango ... |
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.