Dirty Network Playbook
Objective
This SOP defines the methodology for conducting a technical network vulnerability assessment of a commercial or institutional environment. It covers the external-facing attack surface, internal network segmentation, wireless security posture, and the convergence points where cyber vulnerabilities intersect with physical access. A "dirty network" is one where the administrator believes it is segmented and monitored, but the evidence tells a different story. This playbook provides the methodology to prove it.
Mandatory Pre-Engagement (ROE)
If any of the following cannot be produced, the engagement does not proceed. Unauthorized network scanning is a federal crime under the CFAA, regardless of intent.
- Signed Rules of Engagement defining target IP ranges and acceptable testing methods.
- Written authorization from a signatory with legal authority over the network.
- Emergency contact chain: two named individuals reachable 24/7 during the testing window.
- Insurance verification: professional liability and E&O coverage.
Execution Phases
01 / External Attack Surface
Passive OSINT reconnaissance, DNS enumeration, full TCP port scanning, and unauthenticated vulnerability scanning against all public-facing services.
02 / Internal Segmentation
Topology mapping and protocol analysis. Testing whether a device on the guest Wi-Fi can reach production databases or core infrastructure.
03 / Wireless Posture
SSID inventory mapping, authentication weakness testing, and measuring signal bleed to determine if the network is accessible from public areas.
04 / The Convergence Audit
Identifying physical access points (lobby network jacks, unprotected server rooms) that enable direct cyber exploitation.
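Phase 02 comes down to one question: from the guest zone, which production services actually answer? The script below is an added illustration, not part of the playbook; it records TCP connect results from a source zone and compares them against a segmentation policy. The zone names, network ranges, ports and addresses are constructed placeholders, and the run is only performed within the ROE-defined scope.

```python
"""Segmentation check: does a guest-Wi-Fi host reach production?

A policy lists the destination networks that must be unreachable from a
source zone. probe_tcp() records what actually answers, find_violations()
compares observations against policy. All zones, networks, ports and
addresses below are constructed placeholders.
"""
import ipaddress
import socket

# Constructed policy: from the guest zone these networks must be closed.
GUEST_DENY = {
    "guest-wifi": [ipaddress.ip_network("10.10.0.0/16"),   # production servers
                   ipaddress.ip_network("10.20.5.0/24")],  # core infrastructure
}
PRODUCTION_PORTS = [22, 445, 1433, 3306, 5432]  # admin and database services


def probe_tcp(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP handshake completes (service reachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, timed out or unroutable
        return False


def find_violations(source_zone, observations, deny=GUEST_DENY):
    """observations: list of (ip, port, reachable). Returns the (ip, port)
    pairs that answered inside a network the policy marks as denied."""
    denied = deny.get(source_zone, [])
    violations = []
    for ip, port, reachable in observations:
        addr = ipaddress.ip_address(ip)
        if reachable and any(addr in net for net in denied):
            violations.append((ip, port))
    return violations


def run_probe(source_zone, targets, ports=PRODUCTION_PORTS):
    """Live run from the source zone: probe each target/port, return findings."""
    observed = [(ip, p, probe_tcp(ip, p)) for ip in targets for p in ports]
    return find_violations(source_zone, observed)


if __name__ == "__main__":
    # Constructed observations standing in for a live run from guest Wi-Fi.
    sample = [("10.10.3.7", 5432, True),    # database answered: violation
              ("10.10.3.7", 22, False),
              ("10.20.5.1", 22, True),      # core switch SSH answered: violation
              ("192.168.50.4", 80, True)]   # captive portal, permitted
    for ip, port in find_violations("guest-wifi", sample):
        print(f"SEGMENTATION FAILURE: guest-wifi reached {ip}:{port}")
```

Each violation maps directly to a finding for the report: the evidence is the completed handshake, and the remediation is the missing ACL or VLAN boundary between the two zones.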
Full Manual Contents:
- Passive DNS Enumeration Techniques
- Vulnerability Classification Matrices
- Evaluating Network Printer Security
- Rogue Access Point Detection
- Findings Formatting & Report Structure
- Vendor Accountability Confrontations