Infrastructure Penetration Testing

  • Highly trained and certified penetration testing team
  • Proven penetration testing methodology
  • Includes retest option to validate your fix actions
  • Clear & concise reports with prioritized, actionable items

Infrastructure Penetration Testing Service

Infrastructure Penetration Testing is a vital means of ensuring your organisation is protected in a real-world scenario. It should form part of your business's overall Cyber Security Strategy, ensuring that network-based security controls and security operations are operating effectively.

Our Infrastructure Penetration Test service replicates how a skilled and determined attacker will scour the network in search of vulnerable components (from the network to the application level).

The methodology used for infrastructure penetration testing is based around ensuring your IP-based network security assessment is performed in a structured and logical way.

An assessment does not just pass once over each part of the methodology. As information is gleaned from the network, the methodology is iterated over and over again until all avenues of attack have been explored in the time available.

Depending on what level of assurance is required, we can report on major issues as they are found, or seek to exploit them to demonstrate the extent to which a vulnerability will open up your network and allow an attacker to gain a persistent foothold.

The risks to your business of performing an exploit will be explained prior to the exploitation, allowing you to make a judgement call on whether the risk is justified.

For some compliance reasons, exploitation can be a requirement, and we will be pleased to discuss whether this is relevant to you.

Infrastructure Penetration Testing Overview

There are three main types of network penetration test:

External Infrastructure Penetration Testing: taking the view of an attacker on the Internet, targeting your business's Internet presence.

Internal Infrastructure Penetration Testing: taking the viewpoint of an attacker who has gained access to your internal corporate network, or of a malicious low-privilege staff member already on your network. This could include a wireless assessment if wireless is used within the organisation.

Scenario Based: an alternative type of internal infrastructure penetration test, which can be performed instead. It isolates a single point of entry and attempts to gain as much as possible from that entry point. More information on Scenario Based testing is below.

What is covered

External Infrastructure Penetration Testing

  • Open source data gathering
  • Host discovery
  • Port Scanning
  • Vulnerability Scans with manual confirmation of findings
  • Web Services and application unauthenticated testing
  • Remote management interfaces
  • Database Services
  • Mail Servers
  • VPN Endpoints
  • RPC Endpoint Services
  • Other Exposed Services Assessment

 

Internal Infrastructure Penetration Testing

  • Host discovery
  • Port Scanning
  • Vulnerability scans with manual confirmation of findings
  • Web Services and application unauthenticated testing
  • Remote management interfaces
  • Database Services
  • Windows Networks, Domains and Forests
  • RPC Endpoint Services
  • Other Exposed Services Assessment
  • Wireless Assessment of one or more offices
  • Use of wireless security measures
  • Intra client wireless protection
  • Corporate separation with wireless networks
  • Guest and corporate wireless network segregation

Scenario Based Testing

The above describes a breadth-first approach to infrastructure penetration testing designed to find as many vulnerabilities as possible.

The scenario-based test is an alternative type of internal infrastructure penetration test, which can be performed instead. It isolates a single point of entry and attempts to gain as much as possible from that entry point.

In this test, our consultants will engage with your team to discuss their security concerns. For example, third-party cleaners may have access to the company office at night, and your business wants to know what unattended non-staff personnel could do if they connected to the corporate network.

This is considered a bespoke engagement where our security consultants will agree a starting point for the engagement (for example, beginning outside the office and utilising Wi-Fi to gain access to the corporate network) and the client will then provide a list of goals (flags). For example, to reveal the contents of a test file called 'test' on a restricted share or the contents of a test email sent between the CEO and CFO regarding a planned acquisition.

This type of assessment is usually time-limited, though the results tend to strengthen the case for stronger security measures within the organisation.

The infrastructure penetration test report will include a short non-technical executive summary that describes the security of the network as a whole. This summary will allow budget approvers to quickly understand the risk the network currently poses and to have a handle on the impact any remediation will have on budget, timescales and resources.

The report will also include full detail of each of the vulnerabilities found, including a risk rating, an ease of attack rating, a CVE reference if applicable, the CVSS score and vector, and any supporting evidence.

Should a number of options exist for remediation, the pros and cons of each will be explained. If applicable, any potential problems a fix may cause will be noted.

This format of results in the report will allow the organisation to decide on the best course of action to address each vulnerability and therefore reduce the attack surface of the business's network.

Penetration Test Report

The Penetration Test Report includes the URLs and IP addresses tested, reconnaissance (discovery) information, vulnerabilities discovered, steps taken during the assessment, exploitable areas, and prioritized recommendations. For any systems we are able to exploit, an Issue Detail section is used to discuss step-by-step the process we used to gain access, escalate privileges, etc.

 

Penetration Test Report Findings Review

We schedule either an in-person or online session with you where we walk through the report with your team and answer any questions about the findings, our methods, or the steps required for remediation. Many competitors deliver a confusing, lengthy report at the end of the engagement for you to decipher. Our penetration test report review adds tremendous value because we can clarify findings and remediation steps.

 

Free Retest

How do you know the steps you took to fix our penetration test report findings actually worked? Validation removes the guesswork. When you're ready, after fixing the issues identified in the penetration test report, we offer a free re-test of those identified vulnerabilities. This is a crucial and often overlooked step in this process. Validating security controls, patches, and other fix actions is extremely important. We have discovered numerous organisations that thought they fixed a finding we identified, only to discover after a retest that the finding was still there.

 

Certificate of Attestation

The attestation letter serves as a record of us performing the penetration test. It includes a summary of the findings. It is intended for external use, outside of your organisation, to show proof that a security assessment was performed and to highlight test results.

Frequently Asked Questions

We get a lot of questions about penetration testing. We have tried to gather as many of the frequently asked questions as possible together here.

  • Penetration Test or Vulnerability Assessment, I'm confused. What do I need?

    Great question. The vulnerability assessment is akin to looking at a house and writing down the make of the locks and the location of the doors and windows, all the time checking to make sure they are closed and seeing whether they are locked or not. A penetration test will attempt to pick those locks, open the doors and see what is behind them. A good penetration test will also try to build tunnels from the house to their house, create an inventory of all your possessions and many other things besides.

  • I have a mate who can test, what makes you better?

    Almost everyone has a friend, peer or colleague who understands a little about security. We test 7 days a week, 365 days a year, and each tester spends a third of their time at conferences, on courses and doing research to stay at the top of their skill set. It is like comparing a race car engineer (the penetration tester) to a car garage engineer (the IT generalist with some tools) to the home garage hobbyist (the friend). Occasionally, the friend will have excellent levels of skill, but this is the exception, not the norm.

  • What tools do you use for a penetration test?

    Our primary "tool" is the Mk1 Human. In our testers' arsenal are over 200 open-source tools bolstered by more than 50 internally developed tools. On an average penetration test, 20% of the tester's time will be spent working with tools. These are important for covering a lot of digital ground in a small amount of time.

  • How often should we have a Penetration Test?

    The best practice guideline is at least annually, but it really depends on what it is you are testing. If your environment is static and does not change, and you perform monthly vulnerability scans, then you are reasonably safe in having a penetration test every three years. If you are including applications that change often within your test scope, then you should be testing those applications separately after development and before UAT.

  • I want a Penetration Test, how much will it cost?

    In order to determine the cost, we need to have a discussion about the scope. While some firms will give you a quote blind, it is like asking a painter to paint a building in London without knowing which building and what type of paint. There are a lot of variables and these can only be fleshed out via a scoping conversation with one of our test team leaders.

  • How do we know you are any good?

    For the first engagement this is always a worry for clients. We are a CREST member company with a number of OSCP and OSCE qualified staff. Our engineers have a wide variety of experience covering multiple disciplines. Have a look at our testimonials to see what our clients think. But the main thing is that we actually care about our clients and their security.

  • When do you issue the certificate?

    We typically issue the certificate after we perform the re-test, if included. This allows you to fix any issues we identify in the initial penetration test.