External Infrastructure Penetration Tests assess the security exposure caused by internet-facing devices and servers. Internal Infrastructure Penetration Tests are assessments of systems within an organisation’s perimeter, to determine the level of risk posed to those systems by visitors, guests, contractors, and malicious insider threats.
We don’t just focus on vulnerability discovery; we also give significant detail on remediating discovered issues and, importantly, hardening systems against exploitation.
During the engagement you can track the findings within our web platform, allowing you to follow how the test is progressing and to get a head start on remediating discovered issues. Once the assessment is complete, we will deliver a detailed report of findings and remediation guidance, as a record of your assessment.
The initial steps of the engagement include determining the attack surface for all in-scope systems, including host discovery, port scanning, service version scanning, and domain enumeration.
This stage includes the manual work performed by the tester to highlight security vulnerabilities; where authorised, it will include the active exploitation of vulnerabilities to ensure that risks are appropriately graded and false positives are removed. This includes service testing for issues such as known vulnerabilities, common and default misconfigurations, as well as manual testing for insecure services. It will also include testing of authentication systems, such as testing for weak passwords, default credentials, and insufficient account lockout policies.
Finally, network traffic will be assessed for weaknesses in in-transit protection, such as insufficient cryptographic protection and insufficient protection against interception and relay attacks.
Privilege Escalation typically includes two main stages: escalation from domain user to local administrator, and escalation from local administrator to domain administrator. Where possible, network propagation will be assessed to determine issues such as reused administrative credentials.
This stage includes assessing local services for weaknesses such as insecure service paths and permissions, as well as testing for credentials in plaintext, token impersonation, and administrative session interception.
Once a compromise is achieved, additional attack vectors are assessed, credential audits are performed, and risk assessments are carried out to determine what level of system access could be achieved and the level of skill required by the attacker to perform the exploitation.
In addition to Penetration Testing, we also offer Cybersecurity Training and Cybersecurity Consultancy to provide a comprehensive suite of cybersecurity services.