PENETRATION TESTING, VULNERABILITY SCANNING, SOCIAL ENGINEERING
What is a penetration test (Pentest)?
A penetration test is the process of an ethical hacker conducting a simulated attack against a system or network to identify vulnerabilities and potential attack vectors that could be used to gain access. The findings are then documented in an assessment report that identifies weaknesses in the organization's defenses, as well as which systems and data would be compromised should such an attack occur. Systems can be tested through "black box" testing, which simulates a true adversary attacking the network; in this scenario, very little is known about the intended target in advance. There is also "gray box" testing, in which basic or limited information is provided, and "white box" testing, in which system and background information is supplied to allow a more expeditious attack campaign. Several foundational compliance frameworks require regular penetration testing to be conducted as part of a standard security audit.
Generally speaking, there are 5 phases of a penetration test, which mirror the phases of an attack by a real-world attacker. They are as follows:
Reconnaissance - Attackers collect information about networks, systems, targets or personnel (for social engineering) for follow-on exploitation.
Scanning - Further, more in-depth information is collected about the systems, which are scanned for vulnerabilities either passively or actively to determine potential attack vectors.
Gaining Access - Gathered information is leveraged to the benefit of the attacker to gain access through the delivery of a malicious payload, social engineering, etc.
Maintaining Access - Steps are taken to ensure that the attacker can remain persistent within the network and further pivot to more lucrative internal targets.
Covering Tracks - Anti-forensic methods such as obfuscation are employed to try to remain hidden from defenders or incident responders.
External vs. Internal Penetration Testing - External penetration tests are what springs to mind when most people think of pentesting in general, and for the most part the process is the one outlined above. Internal penetration testing is a different approach in which some form of access is, by default, granted to the attacker. Studies have shown that internal attacks are typically much more likely than external attacks and can be far more devastating. In the real world, this type of attack could be carried out by an unwitting or malicious employee, or by a third party that has been given some level of access. This type of pentest should be employed along with external pentests to gain a full picture of where vulnerabilities lie. To learn more about insider threats, check out our Insider Threat blog, "Beyond the Wire".
Web Penetration Testing - As the name suggests, this focuses on penetration testing of web applications rather than the network, with the same purpose of identifying vulnerable configurations in order to strengthen defenses.
Social Engineering Assessment
It is exceedingly rare for an external network breach not to be facilitated by some form of social engineering. Social engineering is the process of "hacking" or manipulating people into relinquishing access or information. A well-crafted social engineering campaign can thwart even security-savvy users. It is clear that social engineering is a critical risk to most organizations, so users should be constantly tested and trained. People are the most dynamic weakness when it comes to securing your network.
Shadowscape's Social Engineering Assessment tests organizations and their employees' adherence to security policies. Our process consists of email phishing, vishing and/or physical access techniques designed to emulate attackers that would use these tactics maliciously.
Social engineering assessments help users understand the gaps present in current security policies, identify and prioritize vulnerabilities, and provide training for employees and personnel.
Our process includes reconnaissance, planning, engagement of targets and reporting (along with optional employee training). Contact us today to learn how Shadowscape can prepare your organization for social engineering attempts.
Shadowscape's vulnerability assessment is a process-driven approach to comprehensively scanning networks and applications for known vulnerabilities. Externally, we scan web servers, all perimeter security devices and the outward-facing infrastructure of your data environment. Internally, we discover, configure and conduct a credentialed scan of targets such as workstations, network devices, servers and peripherals. Once completed, an extensive report is compiled, complete with risk-level prioritization and the most critical recommendations for action. If necessary, results are compiled and presented in accordance with the required compliance frameworks (HIPAA, PCI, etc.).
Once complete, a Shadowscape analyst will conduct a personal review of all scan results and remediation priorities.