Penetration tests of infrastructure
We will prepare a comprehensive and thorough security audit of internal and external systems. We will identify the weaknesses or risks in your infrastructure and recommend effective measures to address them accordingly.
Internal infrastructure
When implementing internal penetration tests, we rely primarily on the current OSSTMM methodology and testers' experience with attacks on domain machines, with emphasis on the procedures listed below:
Identification of targets, environment and vulnerability scanning
The initial phase involves identifying and mapping the individual systems (server types, operating systems, etc.) and services available on the organization's user network. Here, we test for security weaknesses related to software bugs, configuration errors, and vulnerabilities stemming from inappropriate design and configuration of services.
Identification of active network elements and verifying their security
This phase involves identifying the active network elements (firewalls, switches, routers, monitoring probes) and examining their security level from the perspective of the overall network design of the organisation, as well as from the perspective of the systems themselves. The tests are carried out using automated scanning methods that recognize the network structure and the inherent vulnerabilities of individual systems according to the obtained service "fingerprints". Then we evaluate the impact on network security according to vendor recommendations and recognized best practices.
Attempt to breach selected identified systems and services - privilege escalation
Based on the results of the previous phases, we identify and check the possibilities of escalation of privileges and possible full control of the tested systems. We implement individual tests using different methods. In particular, password guessing attacks, misuse of found information (found passwords, scripts) and then the use of exploits for specific vulnerabilities found.
Attempt to compromise the company's domain
At this stage, an attempt is made to escalate privileges to the domain administrator level. The goal is to compromise the company's internal domain. During the techniques performed, we use both classic and state-of-the-art attackers' techniques such as Pass the Hash, LSASS Dumping, Kerberoasting, Incognito Token Impersonation and others.
External infrastructure
The external penetration test is a simulation of an attack on the components of the information system by an attacker from the external environment. The objective of the tests is to determine how easily identifiable a target an organization's ICT infrastructure is, what technical information can be obtained about publicly available services, detect vulnerabilities that can be exploited to gain unauthorized access to sensitive system resources, and propose recommendations for remediation.
A comprehensive security assessment of the external components tested during penetration testing includes the following steps.
Target identification
Collecting as much information as possible (DNS names, IP addresses, publicly available information, logging databases, traces, response times, etc.).
Identifying active services
Scanning open ports and running services, determining the type of operating system and versions of individual software, emphasizing the use of system tools and automated scanners.
Finding vulnerabilities
Based on the results of the previous phases and further scanning, we detect the presence of vulnerabilities, efforts to exploit vulnerabilities (exploitation) and compromise the services/systems in question, using powerful commercial vulnerability scanners as well as our own proprietary tools.
Gaining access
Attempting to penetrate systems/services using vulnerabilities found in previous phases, the goal is mainly unauthorized acquisition of sensitive information, access to systems, etc.
Escalation of privileges and control of the target
The goal is to gain full control of the asset, possibly using the target for "pivoting" - attacking other systems via already compromised ones.
The vast majority of internal tests end when domain administrator privileges are achieved.
Benefits
- Over 30 years of experience in the field of security in the Czech and Slovak Republics.
- A wide team of certified auditors and administrators with experience from dozens of audits per year.
- Our team consists of specialists with experience from hundreds of sub-projects.
- We are holders of eMAPT, CISSP, OSCP, OSCE, CEH and many other relevant certifications.
- We run our own hacking lab to research in a number of areas dealing with the security of various solutions.
- We listen to our clients and tailor tests to their needs and time constraints.
DO NOT HESITATE TO
CONTACT US
Are you interested in more information or an offer for your specific situation?