Successful exploits could cause network disruptions, service outages, or data corruption, which could affect the connectivity and functionality of the oil rig network. Patch installations, application failures, and bandwidth limitations are less likely to be related to the penetration testing activities.

According to the CompTIA PenTest+ Study Guide, Exam PT0-0021, a statement of work (SOW) is a document that defines the scope, objectives, deliverables, and terms of a penetration testing project. It is a formal agreement between the service provider and the client that specifies what is expected from both parties, including the timeline, budget, resources, and responsibilities. A SOW is essential for any penetration testing engagement, as it helps to avoid misunderstandings, conflicts, and legal issues.
The CompTIA PenTest+ Study Guide also provides an example of a SOW template that covers the following sections1:
* Project overview: A brief summary of the project's purpose, scope, objectives, and deliverables.
* Project scope: A detailed description of the target system, network, or application that will be tested, including the boundaries, exclusions, and assumptions.
* Project objectives: A clear statement of the expected outcomes and benefits of the project, such as identifying vulnerabilities, improving security posture, or complying with regulations.
* Project deliverables: A list of the tangible products or services that will be provided by the service provider to the client, such as reports, recommendations, or remediation plans.
* Project timeline: A schedule of the project's milestones and deadlines, such as kickoff meeting, testing phase, reporting phase, or closure meeting.
* Project budget: A breakdown of the project's costs and expenses, such as labor hours, travel expenses, tools, or licenses.
* Project resources: A specification of the project's human and technical resources, such as team members, roles, responsibilities, skills, or equipment.
* Project terms and conditions: A statement of the project's legal and contractual aspects, such as confidentiality, liability, warranty, or dispute resolution.
The CompTIA PenTest+ Study Guide also explains why having a SOW is important before starting an assessment1:
* It establishes a clear and mutual understanding of the project's scope and expectations between the service provider and the client.
* It provides a basis for measuring the project's progress and performance against the agreed-upon objectives and deliverables.
* It protects both parties from potential risks or disputes that may arise during or after the project.

Testing with proof-of-concept code from an exploit database is the best method to support validation of the possible findings, as it will demonstrate whether the CVEs are actually exploitable on the target VoIP call manager. Proof-of-concept code is a piece of software or script that shows how an attacker can exploit a vulnerability in a system or application. An exploit database is a repository of publicly available exploits, such as Exploit Database or Metasploit.
Reference: https://dokumen.pub/hacking-exposed-unified-communications-amp-voip-security-secrets-amp- solutions-2nd-edition-9780071798778-0071798773-9780071798761-0071798765.html

Server-side request forgery (SSRF) is the vulnerability that the tester exploited by querying the provider's metadata and getting the credentials used by the instance to authenticate itself. SSRF is a type of attack that abuses a web application to make requests to other resources or services on behalf of the web server. This can allow an attacker to access internal or external resources that are otherwise inaccessible or protected. In this case, the tester was able to access the metadata service of the cloud provider, which contains sensitive information about the instance, such as credentials, IP addresses, roles, etc.
Reference: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery