Good security practice involves regular testing of your IT infrastructure for vulnerabilities and exploitable weaknesses.
Penetration testing, also referred to as pen testing, is a standard approach to identifying and quantifying such vulnerabilities across an organisation. The test will usually try to simulate a real-life threat and demonstrate how a system would hold up against it.
By assessing whether an IT system is susceptible to a cyber attack, you will be able to plan, repair and strengthen your organisation’s infrastructure defences against such attacks.
An internal pen test is undertaken within an organisation’s network, searching for vulnerabilities from within. An external pen test is performed remotely, with an ethical hacker looking for security vulnerabilities in internet-facing assets such as FTP and mail servers.
Such assessments can take two forms:
What is a vulnerability assessment?
An automated procedure using a range of scanners and tools to identify vulnerabilities across a system.
Such a scan aims to identify as many different vulnerabilities as possible and is often run more frequently than a full Penetration Test.
What is a Penetration Test?
Where a Vulnerability Scan aims to find easily identifiable vulnerabilities, a full Penetration Test builds upon such tools and uses the Penetration Tester's skills and experience to identify weaknesses not found by scanners and/or to exploit such vulnerabilities.
Identify Risk and Vulnerabilities
Weaknesses are often hidden within the complexities of a system's design. Identifying them brings any issues in the system's deployment to your attention.
Build strong defences
By reviewing current weaknesses within your system, you will not only be able to rectify such vulnerabilities but also use this knowledge to prevent further exploitation.
For both yourself and your customers.
Various accreditations from ISO27001 to Cyber Essentials require organisations to take a proactive stance to identify the potential threats within their IT system.
As an accredited and certified provider of Penetration Testing services, CyberCrowd follows a standardised methodology:
This phase of the engagement involves using a range of tools and techniques such as active scanning and open-source intelligence (OSINT). This involves searching closed sources, searching open websites and domains, footprinting and identifying protection methods.
The vulnerability analysis aims to discover flaws within a system and an application that could be exploited by an attacker. The flaws can be misconfigurations or insecure platforms. Techniques used include automated vulnerability scanners, metadata analysis, traffic monitoring, public research and common/default password databases.
This phase of the engagement determines how crucial the machine is in the network and maintains access to the machine if the test is scheduled to last a few days. How critical the machine is depends on the sensitivity of the data stored on it and its usefulness for further exploits into the network. Post-exploitation methods include infrastructure analysis, pillaging, data exfiltration, persistence, and further penetration into the infrastructure. CyberCrowd testers will clean up the system, removing any evidence of their presence.
The exploitation phase of a penetration test focuses on gaining access to the system or resource by different methods depending on the intelligence gathered in previous steps. This phase should be a well-planned and specific attack. Methods include, but are not limited to, initial access, execution, persistence, privilege escalation, lateral movement, and credential access.
The final phase of the engagement is to produce a document that outlines any misconfigurations and exploits found, with the supporting evidence presented cleanly and understandably. The report is broken into two distinct sections. The first is the executive summary, which is aimed at those who oversee the security of the company and explains the goals of the engagement and any high-level findings. The second is the technical report, which is aimed at the remediators of any issues found and covers the vulnerabilities in more depth. For example, information, the attack path impact, and remediation suggestions.