Identify and fix weak points in your IT infrastructure
A penetration test is a security assessment for your organization's internal or external IT infrastructure and exposed network services. Before the penetration test begins, goals and specifications for the test are defined together with your team.
An external penetration test's most common goal is to determine whether an attacker can gain a foothold in your company's internal network.
In an internal penetration test, the two most common scenarios are that either an attacker succeeds in compromising a host computer (e.g., through a phishing attack) or an attacker succeeds in gaining physical access to the network ("cleaning staff scenario").
External Penetration Test
The external penetration test is carried out from the perspective of an outside attacker who analyzes your organization's publicly reachable IT infrastructure. We follow the same steps an attacker would take to gain access to your organization's internal networks. The following is an example list of the actions taken:
- Identify all IT systems within the scope provided by your organization (e.g., DNS / IP range)
- Identify all services running within that scope
- Collect DNS records that can be used to identify additional systems
- Identify version information for the running services
- Interact with the services at a basic level to obtain configuration information
- Check the externally accessible services found for known vulnerabilities or misconfigurations
- Where possible, identify exploits and assess their potential effect on the stability of the target service
- Test whether the presumed vulnerability can be exploited, either by using the exploit directly or by coordinating a time window with your organization for its use
- After a vulnerability has been successfully exploited, check whether the objective of the external penetration test can be achieved
Continuation/restart of the process
- Examine whether further identified vulnerabilities can be exploited to gain access to your organization's internal network
- As soon as internal access is available, the entire process may start again from the perspective of an internal attacker who already has internal network access (e.g., to the DMZ)
The external penetration test is a service that should be used after your company has already tried to harden the external perimeter, mainly through patching and secure configuration of the exposed services. It validates the effort your company has invested in prevention and protection and, where necessary, identifies areas with potential for improvement.
Internal Penetration Test
The internal network penetration test can be carried out in different ways. Some of the more common scenarios are as follows:
Compromised host scenario
Your company provides user accounts to be used for the assessment. Providing the accounts simulates an attacker who has successfully launched a spear-phishing attack and gained internal access, and/or a malicious insider. Access to the user's system is provided via:
- Remote access (e.g., VDI)
- Image to boot
- End-user laptop
Compromised server in the DMZ scenario
Your company provides user accounts to be used for the assessment. Providing the accounts simulates an attacker who has successfully launched a spear-phishing attack and gained internal access, and/or a malicious insider.
Cleaning staff scenario
Use of a network connection within your company. The test is usually carried out either remotely, by connecting a mini-computer to one of your network sockets, or on-site together with one of your experts.
Regardless of the scenario, the test begins again with the same steps an attacker would take.
- Identify systems within the agreed scope of the internal network
- Determine the running network services
- Evaluate version and configuration information of the running network services
- Identify accessible network shares and search them for confidential data
- Search for systems in your company's internal domain that grant (all) users administrator rights
Exploitation of vulnerabilities
- Research known vulnerabilities and potential misconfigurations of the running network services
- If necessary, coordinate a system and time window with your organization so that the exploitability of potential weak points can be checked safely
- Check whether the potential vulnerability can be exploited and whether execution of the exploit succeeds
- Check whether the previously agreed goals of the internal penetration test can be achieved
Continuation/restart of the process
- After we have gained access to an additional system in your environment, the whole process is restarted
- The newly discovered computer system or user accounts may have access to various other systems or data in your organization
The internal penetration test is very valuable for companies that want to know what an attacker can do and what they can gain access to if an internal system has been successfully compromised.
An internal penetration test should be carried out after your organization has invested time and money in the internal network, to verify that the configuration and processes in use actually provide comprehensive protection for the infrastructure.
Command and Control (C2) & Exfiltration
During a C2 assessment, we examine your organization's technical and organizational ability to detect and block sophisticated malware, and to respond to malware that is delivered via email.
In particular, we check which means your company's infrastructure offers to recognize and block the communication channels attackers use for C2 and data exfiltration.
Pivoting & Lateral Movement
Starting from a basic user account, we try to gain access to other systems, identify sensitive information, escalate privileges on the system, and move to other areas of the network. The access level used as the starting point simulates what an attacker might have gained through a successful phishing campaign or by impersonating an employee or contractor.