Traditional Penetration Testing

by real Ethical Hackers

Traditional Penetration Testing

Penetration Testing or Pen Testing is a technical review of your systems, your processes and sometimes your people. Penetration Testing is carried out to uncover vulnerabilities, threats and risks that an attacker could exploit in software applications, networks or web applications. Penetration Testing can be called many things. We commonly see pentest, pentesting and PENtest. They are all the same thing.

We perform a number of different types and classes of penetration testing to help enable you to get the maximum return on your testing investment. You reduce your Cyber Risk with penetration testing, as well as protect your customers and your own information as well help maintain your reputation.

How Penetration Testing helps your business

  1. Know whether your critical assets are at risk
  2. Identify and mitigate complex security vulnerabilities before an attack can exploit them
  3. Get realistic findings and comprehensive recommendations
  4. Understand how the most sophisticated attackers operate based on intelligence gained over 10 years of being in business

What is involved in a Penetration Test

In this section we have detailed what is involved in each of the seven steps of a traditional penetration test. The exact work undertaken depends a lot on what the scope of the test is, but this is enough to give an idea of what is involved.

  • 1 Pre-Engagement

    This is one of the most critical steps in ensuring success in your penetration test. The Pre-Engagement is where we work together to define the scope, and the goal of the test rigorously. We do this through a scoping call, and you can book these at a time and date convenient to you.

    During the scoping call for your penetration test, we are looking to identify exactly what needs testing, how complex it is and how much time we will need to use to complete the penetration test to the best of our capability. We will also look to identify the goal of the penetration test. The goal could be as simple as identify all the exploitable vulnerabilities. It could be a lot more complex such as pivot through an exploited host and attack the internal network to gain access to client data.

    Having a well defined scope is the key to the success of your penetration test. This is why we can never answer the question of how much is a penetration test until we have had a call to discuss your penetration testing scope.

  • 2 Intelligence Gathering

    The second step in a penetration test is Intelligence Gathering, and it is a two step process. The first step is, at Hedgehog anyway, done in the background normally a week before your test start date. The vast majority of the intelligence gather phase is performed by automated scripts. The scripts are typically used within a penetration test too, for more targeted needs. Essentially we are looking to gather as much information about your business and your penetration test scope as we can from available public sources.

    During the second part of the intelligence gathering phase, we will review the output from step 1 and any documents or information you have provided us. This is typically done the day prior to your penetration test starting. We will scour the internet, and to an extent, the dark webs, to identify any further information or data that could be beneficial to your test. The typical documentation we are looking for includes system architecture, data flow, infrastructure, concepts, password hashes, names, identities etc.

    What is the purpose of this? Well imagine if we were to find the companies internal information in a forgotten bit-bucket somewhere? This could be used in the penetration test to help gain access to systems. Equally, it will help identify any potential client information left exposed. It all goes to helping complete the most comprehensive penetration test available to you and ensure a positive return on your investment.

  • 3 Reconnaisance

    The reconnaissance phase of every penetration test builds on the Intelligence Gathering stage through the use of active, in-depth technical review of the scoped environment. We will delve into each of the systems/applications in scope to identify the component structure and map all of the points of interaction.

    This part of penetration testing is vitally important to the success of the test. We will look to identify every point of interaction that a user can have with a system, application or target. We will identify the technologies used and whether there are any easy wins that can be identified. This is done through port scanning, passive information analysis, mapping and analysis. The goal if this phase is for our penetration testers to understand the scoped environment in its fully extent.

  • 4 Analysis

    Vulnerability Analysis is the most time-consuming aspect of every penetration test. Vulnerability Analysis starts with a series of reviews of the scoped environment using various vulnerability scanning tools. We typically use a number of scanners and tools to aid in the rapid analysis of vulnerabilities. Our primary tool for vulnerability analysis is Secure, our in house developed vulnerability scanner. Secure uses a number of internally developed processes as well as commercial scanners including Nessus, OpenVAS and NeXpose.

    The output from the vulnerability analysis phase is the identified of known vulnerabilities. Every one of these vulnerabilities is then manually reviewed and validated. Once the automated scans are complete and the vulnerabilities confirmed, the tester then moves on to attempting to find unknown vulnerabilities manually. With Web Application testing, the bulk of the time is spent in manual vulnerability analysis. Unknown vulnerabilities are commonly known as zero days and these can exist in many different areas of the scope. This is why the vulnerability analysis is the most time consuming.

  • 5 Exploitation

    The exploitation phase of the penetration test is where we take all the vulnerabilities we have identified and use them to try and reach the goal set out in the Pre-Engagement step. We review each of the vulnerabilities, identify any exploits available for use and perform exploitation in a safe and controlled manner.

    In a Web Application penetration test, this might lead us to bypass authentication controls or use other users accounts. We may be able to access information that would usually be protected by session management and authentication and authorisation controls.

    In an Infrastructure pen test, this might result in the tester being able to sniff passwords on the network or gain access to a server. The goal of exploitation is to work towards achieving the objectives of the test incrementally.

    Once an exploit is successful, the entire pen test process restarts at Intelligence Gathering within the context of the exploited system or application. Exploitation testing can be extremely time consuming so it must be conducted in a very controlled manner.

  • 6 Post Exploitation

    During the post-exploitation aspect of the penetration test, your pen tester will be analysing all of the gathered data and the results of individual tests. The analysis includes categorising the detected vulnerabilities and prioritising them per the business and technical context. It is during this step that further testing needs are identified, and the tester will loop back and test or retest specific areas so that complete scope coverage is assured.

  • 7 Reporting

    The very last stage of the penetration test is the summarisation of the testing and the drawing of a conclusion.

    At the end of every engagement is a test report. The report details what was done, what was found, and what should be fixed. These may be:

    • Inadequate or improper configuration settings
    • Known or previously unknown software or hardware flaws
    • Operational gaps within business processes or technical controls.

Contact us

  • Worklab, Europort, Gibraltar

  • +350 540 73836