This Consultant Agreement and Statement of Work (collectively the "Agreement" and individually the "Consultant Agreement" and the "SOW"), and the date shown on the signature block of the Consultant Agreement, is made and entered into by and between BLACK BREACH, LLC, and the Client identified on the SOW (collectively, the "Parties"), and shall be effective on the date fully executed by Client and Consultant (the "Effective Date"). 

All references herein to Consultant include all Principals, Employees, Consultants, and Contractors.

RECITALS

WHEREAS, this Agreement is governed by and subject to the terms and conditions of the Master Service Agreement entered into between Client and Consultant. In the event of any conflict between the terms and conditions of this Agreement and the Master Service Agreement, the terms and conditions of this Agreement shall prevail.

WHEREAS, the Parties agree that the services to be provided under this Agreement shall be governed by the provisions set forth in the Master Service Agreement, and the Parties further acknowledge and agree that any additional terms, conditions, or statements of work relating to specific services shall be incorporated as exhibits to the Master Service Agreement.

NOW, THEREFORE, in consideration of the promises, mutual covenants, and agreements set forth herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereto agree as follows:

SCOPE OF SERVICES. 

This Statement of Work outlines the scope and objectives of the Wi-Fi penetration test to be conducted by Black Breach, LLC for and the Client identified on the SOW (collectively, the "Parties"). The primary goal of this engagement is to assess the security of the Client's Wi-Fi network infrastructure and identify potential vulnerabilities that could be exploited by unauthorized individuals.

Phases of Wi-Fi Penetration Test

Pre-engagement Planning: Define the scope of the penetration test, including the Wi-Fi network components, SSIDs, and devices to be assessed. Coordinate with the Client's IT team to schedule testing windows and obtain necessary access permissions.

Reconnaissance and Discovery: Conduct passive information gathering to identify Wi-Fi network names (SSIDs), wireless security protocols (e.g., WPA2, WPA3), and nearby wireless devices. Perform active scanning to discover Wi-Fi access points (APs) and client devices.

Vulnerability Assessment: Utilize specialized tools and techniques to assess the security of the Wi-Fi network, including encryption strength, authentication mechanisms, and configuration settings. Identify vulnerabilities such as weak passwords, outdated firmware, misconfigured settings, and potential exploits.

Exploitation and Attack Simulation: Attempt to exploit identified vulnerabilities to gain unauthorized access to the Wi-Fi network or compromise connected devices. 

Documentation and Reporting: Document all findings, including identified vulnerabilities, attack paths, and recommended remediation steps. Provide a detailed report outlining the scope of the penetration test, methodology used, test results, risk assessment, and actionable recommendations for improving Wi-Fi security.

Client Debriefing and Follow-Up: Present the findings and recommendations to the Client's stakeholders and IT team in a debriefing session. Address any questions or concerns and guide prioritizing and implementing remediation measures. Offer ongoing support and assistance as needed to enhance the security posture of the Wi-Fi network.

Incident Response Triage

If the Client becomes the victim of a cybersecurity incident, the Consultant agrees to provide three (3) hours of incident response triage free of charge. Incident response triage includes all verbal expert recommendations on attempt recovery and recommended actions to be taken. Recovery is not guaranteed. Additional fees may apply hourly if additional services are required or requested.

Deliverables

Detailed Wi-Fi penetration test report outlining findings, vulnerabilities, risk assessment, and remediation recommendations.

An executive summary highlighting key findings and actionable insights for management.

Debriefing session with client stakeholders to discuss test results and recommendations.

Term

This Agreement commences on the Effective Date and will remain in effect through the Initial Term and all Renewal Terms, as specified in the SOW, unless otherwise terminated in accordance with the MSA (the Initial Term and all Renewal Terms collectively the "Term"). The Initial Term will be three (3) years from the Effective Date and will automatically renew for successive one-year periods, subject to the then-current conditions and price at the time of renewal. 

Payment Schedule

For monthly project services, the Client may pay annually or monthly at the Client's convenience. Payment will be due the first-month services start and as per terms outlined in the Consultant Agreement and Statement of Work and within (30) days of the invoice date. Amounts not paid when due will be subject to a late charge of one and one-half percent (1.5%) per month. Late charges are reasonable liquidated damages for collection fees and are not a penalty.

Invoice Remittance

Payment may be made as follows:

1. Mailed to: Black Breach, LLC, 1025 Rose Creek Drive, Suite 620-214, Woodstock, GA, 30189

2. Provided to Justin Shanken (or designee) in person

3. Wired directly to an account provided by Black Breach to Client

4. ACH directly to an account provided by Black Breach to Client

Last modified May 13, 2024