A Network Penetration Test (aka, pen test) is a method of evaluating the security posture of a network system by simulating an attack from
malicious outsiders who would not otherwise have authorized access to the network. Vulnerabilities are then documented and exploited in an
effort to determine whether unauthorized access of malicious activity is actually possible.
The overall goal of a Network Penetration Test is to identify vulnerabilities, document them, validate them through exploitation, apply
risk ratings and formally document the results in a report combined with appropriate recommendations for remediation
Our comprehensive methodology ensures that our clients’ vulnerabilities are represented by their true real-world likelihood and potential
impact to their business. The methodology is founded upon industry-standard frameworks, such as: OSSTMM, ISSAF, OWASP, WASC and NIST Special Publication 800 Series guidelines.
System/service discovery consists of compiling a complete list of all accessible systems and their respective services with the ultimate goal of
obtaining as much information about the assets as possible. Commonly, this includes: domain foot printing, live host detection, service enumeration,
rogue system/service detection, product-specific vulnerability detection, and operating system and application fingerprinting. With the information
collected from the discovery phase, security testing transitions to identifying vulnerabilities in internal and externally facing systems and applications
using automated scans and manual testing techniques.
iPrimitus begins the vulnerability identification process with a combination of commercial and open source vulnerability scanners. Automated scans are
good at identifying known and common vulnerabilities, however, automated scans are not good at detecting complex security issues or validating the findings
reported. For this reason, automated scans represent only a small facet of the overall security assessment with the majority of vulnerability testing focused
on manual testing and verification. iPrimitus Security has adopted an industry-standard approach to assigning risk ratings to vulnerabilities. This approach
is used in all our assessments and provides our clients with consistent risk ratings that take into account a number of factors ranging from: Skill Level,
Motive, Ease of Exploit, Loss of Integrity, Loss of Availability to Loss in Privacy and Reputational Damage.
- Discovery/Information gathering via public websites, ARIN, job boards, domain lookup tools, etc.
- Active network scanning using networking mapping tools and manual processes.
- Enumeration of live devices searching for vulnerable services and misconfigurations.
- Exploitation of vulnerabilities to determine whether unauthorized access is possible.
- Report findings, evidence, recommendations, tools and methodology.
Our Tested & Proven Penetration Testing Process
The steps below provide a high-level outline of our proven Penetration Testing Process. This process can be augmented by Advanced Threat Modules (ATM)
that include, but are not limited to, our stealth testing module, managed security service provider testing module, IDS / IPS effectiveness and tuning module,
pseudo-malware module, distributed metastasis module, Social Engineering module, and many more.
Step 1: Logistics and Controls
Logistics and controls is an important yet often overlooked component of delivering quality penetration tests. The purpose of this step is to reduce the rate
of false positives and false negatives by assuring proper adjustments are made to all testing modules prior to launch. This module is perpetual in that it continues
to run during the entire course of testing. Its purpose is to identify any issues that may exist before testing, or to identify network or system state changes during testing.
Step 2: Advanced Reconnaissance
iPrimitus begins all penetration tests with a combination of Social and Technical reconnaissance. Social reconnaissance, not to be confused with Social Engineering,
is focused on extracting information from personal websites, social networking sites like linkedin and facebook, technical forums, internet relay chat rooms, company
job opportunities, documents that have been leaked or published, etc. The goal of social reconnaissance is to identify information that might assist in compromising
the target. Historically this information has included source code, confidential files, passwords, troubleshooting questions about IT issues, etc.
Technical reconnaissance focuses on the discovery of hosts, service fingerprinting, configuration analysis, web server directory enumeration, the identification of
administrative portals, the identification of customer portals, the identification of hidden endpoints such as cable modems or DSL lines, the use of third party services
provided by hosting providers, managed security service providers, and much more. Technical reconnaissance may or may not use port scanners, web application scanners,
vulnerability scanners, etc. depending on the threat and intensity levels of the service being provided.
Step 3: Analysis
Once initial social and technical reconnaissance tasks are complete, IPrimitus enters an analysis stage. During this stage all information is correlated and an attack matrix
is created. The matrix identifies all potential attack vectors and organizes them by probability of successful penetration. Every identified listening port or web application
component is considered to be a potential attack vector until proven otherwise.
Step 4: Real Time Dynamic Testing
Once sufficient intelligence has been gathered IPrimitus begins penetration efforts. While common tools may be used to penetrate systems with low-hanging fruit, a manually
intensive research driven process is used to penetrate more complex targets. For example, bypassing a Web Application Firewall that is in line with an Intrusion Prevention
System to perform successful Blind SQL Injection against an otherwise well hardened web application.
A comprehensive report detailing the findings, risk ratings, recommendations, methodology, tools, evidence and screenshots.