Penetration Testing

Penetration Testing Services

The ecfirst External Penetration Test (performed remotely) includes the following specific items:

  • The External Penetration Test is “pre-scoped” to the following general criteria:
    • A “grey box” test is based on the following information provided:
      • IP address ranges owned/operated by the client, and
      • All domains owned by or associated with the client, with up to sixteen (16) external systems included in the scope
    • The primary goal is to gain unauthorized elevated access to an externally accessible system
      • A secondary goal is to gain unauthorized access to other systems by pivoting from the system compromised under the primary goal
    • Out-of-Scope
      • End-user attacks (e.g. phishing, man-in-the-middle, client-side exploitation)
      • Denial of Service (DoS) attacks

The External Penetration Test methodology is described below:

  • Reconnaissance
    • Client personnel & cultural information
    • Client business terminology
    • Technical infrastructure information
  • Scanning
    • Network Discovery
    • Network Port & Service Identification
    • Vulnerability Identification
    • Wireless LAN Discovery/Scanning
    • Enumeration
  • Exploitation
    • Password cracking
    • Discovered credential usage
    • Manual & Automated vulnerability validation
    • Privilege escalation
    • Additional tool installation
    • Data discovery

The ecfirst Internal Penetration Test (performed remotely) includes the following specific items:

  • The Internal Penetration Test is “pre-scoped” to the following general criteria:
    • A “grey box” test is based on the following information provided:
      • A Domain User account configured like that of a “regular” employee
      • Remote access to the internal network via a Virtual Machine or physical device ecfirst provides
  • Not all identified vulnerabilities will be validated and/or exploited
    • Only those judged most likely to help reach the defined goal will be further validated and exploited
  • The primary goal is to gain Domain Administrator level access on the internal network
    • A secondary goal is to gain unauthorized access to sensitive data
  • Out-of-Scope
    • End-user attacks (e.g. phishing, man-in-the-middle, client-side exploitation)
    • Denial of Service (DoS) attacks

The Internal Penetration Test methodology is described below:

  • Scanning
    • Network Discovery
    • Network Port & Service Identification
    • Vulnerability Identification
    • Wireless LAN Discovery/Scanning
    • Enumeration
  • Exploitation
    • Password cracking
    • Discovered credential usage
    • Manual & Automated vulnerability validation
    • Privilege escalation
    • Additional tool installation
    • Data discovery

The scope of a Web application penetration test includes the following specific items:

  • One (1) Web Application to be assessed
  • One (1) user role type to be utilized for testing
    • “Client” user account type
    • Anonymous access will also be tested
  • General Goal(s)
    • Gain anonymous access to authenticated sections of the application
    • Gain access to other client data within the application
  • Out-of-scope
    • Exploitation of vulnerabilities in the underlying system (host/OS)
    • System Account Creation
    • Web Application Firewall (WAF) and/or IDS/IPS evasion

The Web Application Penetration Test methodology is described below:

  • Reconnaissance
    • Client personnel & cultural information
    • Client business terminology
    • Technical infrastructure information
  • Mapping
    • Network Discovery
    • Network Port & Service Identification
    • Analyze HTTPS Support
    • Identify Virtual Hosting & Load Balancers
    • Analyze Software Configuration
    • Spider the site/application
    • Application flow charting
    • Relationship analysis
    • Session analysis
  • Discovery
    • Automated Vulnerability Scanning
    • Information Leakage & Directory Browsing Discovery
    • Username Harvesting & Password Guessing
    • Command Injection Discovery
    • Directory Traversal & File Inclusion Discovery
    • SQL Injection Discovery
    • Cross-site Scripting (XSS) Discovery
    • Cross-site Request Forgery (CSRF) Discovery
    • Session Flaw Discovery
    • Insecure Redirects & Forwards Discovery
  • Exploitation
    • Exploit identified Enumeration flaws
    • Exploit identified Bypass flaws
    • Exploit identified Injection flaws
    • Exploit identified Session flaws
    • Chain exploits together, pivot to other systems, exfiltrate data, raid the fridge, etc.