
Why Penetration Testing?

  • Identification of critical assets
  • Understand the architecture of the system
  • Decompose the application
  • Identify threats and risks
  • Create a risk matrix
  • From compromise / control of the server to dropping a shell
  • Reaching the deepest point in the network
  • Data breach of PII
The pen-testing process keeps the penetration tester one step ahead: they impersonate the thought process of an attacker before the go-live stage and confirm that the applications and servers are properly patched, that vulnerabilities are identified and mitigated, and that ports are correctly configured behind the firewall and the other control mechanisms in place.
  • Understand the scope of the pentest with the client
  • Understand what to test and what not to test
  • Sign NDAs / contracts with the client if required
  • Get a dedicated environment for conducting the test; if it is a production environment, agree on a test approach (for instance, perform the test outside business hours)
  • Identify the right tool sets based on the type of test (web app pen test / infra pen test)
  • Conduct the pen test with the right approach, aligned to the agreed ethics
  • Complete the pentest on time and provide a detailed report on the identified vulnerabilities
  • Walk through the identified vulnerabilities and assist the developers in fixing them
  • If required, perform a regression test to make sure the vulnerabilities are properly patched
  • First and foremost, business reputation is maintained by making sure the control mechanisms are in place rather than ending up in newspaper headlines
  • Regulatory requirements / compliance aspects are maintained by performing regular pen tests
  • New vulnerabilities arising from ever-changing attack surfaces are checked properly and mitigated as well
  • This also helps developers code in a more secure way, which reduces the number of vulnerabilities
  • Thinking outside the box, pen testers bring a variety of bugs to the table, which cuts your cost, time and service interruption, since bugs that go undiscovered come back to hurt in a big way later
  • Moreover, no one wishes to get hacked!

Web Application Pentesting

In web app pen testing, the assessment is generally validated against the OWASP Top 10, the SANS Top 25 and out-of-the-box thinking on business-logic misuse cases.

  • Input validation / handling
  • Injection attacks (SQL injection, OS command injection, LDAP injection, etc.)
  • File inclusion attacks (Local File Inclusion / Remote File Inclusion)
  • File upload functionality
  • Antivirus checks on the web app server
  • Cross-Site Scripting (persistent / non-persistent / DOM / self)
  • Cross-Site Request Forgery attacks
  • Server-Side Request Forgery attacks
  • Remote Code Execution (RCE)
  • Deserialization attacks
  • JSON / XML attacks
  • Web server vulnerabilities (from zero-days to CVE checks)
  • Business logic misuse
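The injection and input-validation items above are easiest to understand side by side: the same login function written with string concatenation and then with a parameterised query. This is an added example written for this page, not code from the original article; the in-memory SQLite table, the user rows and the `is_valid_username` allowlist are constructed for the demo.

```python
import re
import sqlite3

# Constructed in-memory database for the demo (not from any real application).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct-horse", "admin"),
        ("bob", "battery-staple", "user"),
    ])
    return conn

def login_vulnerable(conn, username, password):
    # The query is built by string formatting, so attacker-controlled text
    # becomes part of the SQL grammar instead of staying a value.
    query = ("SELECT username, role FROM users "
             "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(query).fetchall()

def login_hardened(conn, username, password):
    # Parameterised query: the driver passes the values separately from the
    # SQL text, so quotes inside the input are data, never syntax.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()

# Defence in depth: an allowlist on the username (hypothetical policy for the
# demo) rejects obviously malformed input before it reaches any query.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")

def is_valid_username(username):
    return USERNAME_RE.match(username) is not None

# Classic tautology payload; quoted here only to show the two behaviours differ.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(login_vulnerable(conn, "alice", "correct-horse"))   # [('alice', 'admin')]
    print(login_vulnerable(conn, PAYLOAD, PAYLOAD))           # every row: authentication bypass
    print(login_hardened(conn, PAYLOAD, PAYLOAD))             # []
    print(is_valid_username(PAYLOAD))                         # False
```

The concatenated query turns the payload into `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, while the parameterised version looks for a user literally named `' OR '1'='1` and finds nothing.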

Network Penetration Testing

Network penetration testing is carried out at five different levels:

Information Gathering / Reconnaissance: Understand the target network and gather information about the target, such as how the network is designed and what kind of services are hosted, using Google dorks to gather much more information on the target.

Scanning: Scanning is broken down into two categories.

Passive Scanning: In passive scanning the pen tester does not create noise in the network; instead they analyse the different services running on the target. For instance, if a website is running, they try to understand and map the potential attack surfaces in the application that could lead the tester to gain access to the server.

Active Scanning: In this phase the pentester engages toolsets such as Nmap, Nessus, etc. to scan the target, identify the open ports, uncover the services running on those ports and gather intel on them.
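From the defender's side, active scanning is the noisiest step of the whole process, and the noise is what a detection should key on: one source touching many distinct destination ports in a short window. The following is an added example, not part of the original page; it runs a sliding-window port-scan detector over a handful of firewall-style log lines that are constructed here in a made-up format (the `src=... dport=...` layout and the RFC 5737 documentation addresses are assumptions for the demo, not a real product's log format).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for the demo: "<ISO time> src=<ip> dst=<ip> dport=<n> action=<verb>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "action": m["action"],
    }

def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Map each source IP that hits >= min_ports distinct destination ports
    inside any `window` to the largest distinct-port count seen for it."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            events[rec["src"]].append((rec["ts"], rec["dport"]))

    alerts = {}
    for src, evs in events.items():
        evs.sort()                      # sliding window needs time order
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1              # drop events that fell out of the window
            distinct = {port for _, port in evs[start:end + 1]}
            if len(distinct) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts

# Constructed sample: one host sweeps ports 21-40 in 20 seconds, another host
# makes repeated legitimate HTTPS connections in the same period.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d}Z src=203.0.113.5 dst=192.0.2.10 dport={20 + i} action=DROP"
    for i in range(1, 21)
] + [
    f"2024-05-01T10:00:{i:02d}Z src=198.51.100.7 dst=192.0.2.10 dport=443 action=ACCEPT"
    for i in range(1, 21)
]

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))   # {'203.0.113.5': 20}
```

The thresholds are deliberately parameters: a 60-second window and ten distinct ports catch a quick Nmap sweep, while a slow scan spread over hours needs a wider window or a per-day distinct-port count, so tune both against your own baseline.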

Gaining Access: Using the identified ports and services and the intel gathered, the pentester tries to exploit the services: for example, using the Metasploit tool to gain a shell, uploading a shell file through a web app and then invoking it to gain access, or searching the internet for available exploits on sites such as https://www.exploit-db.com and using them as-is or modifying them for the target to gain control over the server.

Maintaining Access: Once the pentester gains access to the server, they should make sure that a persistent connection to the server can be established at any time. Various activities are done at this stage, such as:

  • Perform privilege escalation based on the OS (Windows / *nix)
  • Ring 0, 1, 2, 3 breaking
  • Establish a backdoor for persistent connectivity
  • If required, perform lateral movement and gain access to other servers in the network

Clearing the Tracks: Once the connection is established and maintained, the tracks must be cleared so that no suspicion of the compromise is raised with the server admins / app admins. Things a pentester does at this stage are:

  • Clear web server logs / app server logs
  • Clear the Windows event and security log files; if it is a Linux OS, clear /var/log and other log files
  • Make sure the backdoor runs as a system service and not as a user service, so that it persists
  • If any access-level controls were changed, fall back to the state they were in before exploitation
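Every item in that list leaves its own trace, and the value of this stage for a defender is knowing what those traces look like: on Windows, clearing the Security log writes event 1102 ("The audit log was cleared") and clearing the System log writes event 104, and on Linux a file under /var/log that shrinks without a rotated sibling is a strong signal. The following detector is an added example for this page, not code from the original; the event records and the before/after /var/log size inventories are constructed for the demo, and the 1102/104 event IDs are real Windows event IDs while the record field names are an assumption about how an exported event might be shaped.

```python
from dataclasses import dataclass

# Real Windows event IDs that record a log being cleared:
#   Security channel, event 1102: "The audit log was cleared"
#   System channel,   event 104:  "The <name> log file was cleared"
LOG_CLEARED_EVENTS = {("Security", 1102), ("System", 104)}

@dataclass
class Finding:
    host: str
    kind: str
    detail: str

def find_cleared_windows_logs(records):
    """Flag exported event records whose (channel, id) marks a cleared log."""
    findings = []
    for rec in records:
        if (rec.get("Channel"), rec.get("EventID")) in LOG_CLEARED_EVENTS:
            findings.append(Finding(
                host=rec["Computer"],
                kind="windows-log-cleared",
                detail=(f"{rec['Channel']} event {rec['EventID']} at "
                        f"{rec['TimeCreated']} by {rec.get('SubjectUserName', '?')}"),
            ))
    return findings

def find_shrunk_logs(previous_sizes, current_sizes, host):
    """Compare two inventories of log file sizes (bytes). A file that shrank or
    vanished is flagged unless a rotated sibling (<path>.1) holds the old data."""
    findings = []
    for path, before in previous_sizes.items():
        after = current_sizes.get(path)
        if after is None:
            findings.append(Finding(host, "log-missing",
                                    f"{path} existed before ({before} bytes) and is now gone"))
            continue
        if after >= before:
            continue                                   # grew or unchanged: normal
        rotated = current_sizes.get(path + ".1")
        if rotated is not None and rotated >= before:
            continue                                   # logrotate moved the data aside
        findings.append(Finding(host, "log-shrunk",
                                f"{path} went from {before} to {after} bytes without rotation"))
    return findings

# Constructed sample data (field names are an assumption about an exported event).
SAMPLE_EVENTS = [
    {"Computer": "WEB01", "Channel": "Security", "EventID": 4624,
     "TimeCreated": "2024-05-01T10:05:00Z", "SubjectUserName": "svc-web"},
    {"Computer": "WEB01", "Channel": "Security", "EventID": 1102,
     "TimeCreated": "2024-05-01T10:07:00Z", "SubjectUserName": "svc-web"},
]
SIZES_BEFORE = {"/var/log/auth.log": 52_000, "/var/log/syslog": 910_000,
                "/var/log/nginx/access.log": 3_400_000}
SIZES_AFTER = {"/var/log/auth.log": 0, "/var/log/syslog": 12_000, "/var/log/syslog.1": 912_000,
               "/var/log/nginx/access.log": 3_450_000}

if __name__ == "__main__":
    for f in find_cleared_windows_logs(SAMPLE_EVENTS) + find_shrunk_logs(SIZES_BEFORE, SIZES_AFTER, "web01"):
        print(f)
```

In the sample, the syslog shrink is excused because `syslog.1` is at least as large as the previous syslog (a rotation), while `auth.log` dropping to zero bytes with no rotated copy is reported. The Windows side is simpler because the operating system itself records the clearing; forwarding those two event IDs to a collector before an attacker can reach them is the mitigation.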