External penetration testing
External penetration testing simulates a persistent outside attacker. We use two different models when conducting external penetration testing:
- Blackbox penetration testing implies no prior knowledge of the infrastructure, so it is important to conduct adequate intelligence activities to identify potential entry points for the attack;
- Greybox penetration testing implies that the testing scope is predefined and agreed upon with the Customer, but no details are provided regarding the supporting infrastructure, application architecture and third-part services and frameworks.
In any case, after the scope is defined, we use the same methodology for both models, covering different types of attacks, misconfigurations and security flaws.
Internal penetration testing
Internal penetration testing implies that the attacker has either insider access or has successfully breached the perimeter. However, unlike adversary simulation assessments, a complete simulation focusing on stealth, evasion, and lateral movement in the network is not performed as a part of the internal penetration test. Instead, the testing team focuses on identifying as many potential attack vectors and compromise paths as possible, partially giving up attack realism to expand the testing coverage.
Thus, the penetration testing team is provided network access to all segments that need to be tested and basic relevant information about the environment and the segmentation of the infrastructure is tested separately, covering both network and service layers of the infrastructure while being more time-efficient.
Infrastructure penetration testing methodology
Infrastructure penetration testing assessments are very different between customers, but we use a repeatable and reliable structure for our tests. The step-by-step approach ensures consistency in key areas while being flexible enough to account for different attack environments and scenarios. The infrastructure penetration testing consists of the following steps:
Passive information gathering (optional)
In the case of a BlackBox external penetration test, different OSINT techniques are used in order to identify the potential attack surface.
Active information gathering
Both network and application security scanners are used to map the attack surface and gather information about in-scope applications and services.
Manual vulnerability testing
Scanning results are reviewed and the penetration testing team manually searches for security flaws and misconfigurations that can be potential vulnerabilities.
Vulnerability validation and exploitation
Security flaws vulnerabilities are exploited in order to assess their security risk and potential to be used in a chain.
Building an attack path
The vulnerabilities validated on the previous stage are chained, if possible, to create potential attack paths that can lead to compromise.
Creating a report
After conducting all of our penetration testing activities, we create a comprehensive report describing discovered vulnerabilities and attack paths. Once the report is reviewed, a debrief meeting is scheduled to answer any questions and elaborate on the details in the social engineering report.