Penetration Testing
Infrastructure Testing
Penetration Testing Execution Standard (PTES)
The Penetration Testing Execution Standard (PTES) encompasses seven primary sections, covering every aspect of a penetration test. This includes the initial communication and the rationale behind a PenTest, followed by the intelligence gathering and threat modeling phases, where testers work behind the scenes to gain a deeper understanding of the organization under test. It also involves the vulnerability research, exploitation and post-exploitation phases, where the technical security expertise of the testers melds with the business context of the engagement. The final phase is reporting, which encapsulates the entire process in a way that is comprehensible to the client and maximizes value.
1. OSINT – Intelligence Gathering
This section delineates the Intelligence Gathering activities associated with a penetration test.
2. Vulnerability Analysis
Vulnerability testing entails identifying weaknesses in systems and applications that an attacker could exploit.
3. Exploitation
The exploitation phase of a penetration test is dedicated to gaining access to a system or resource by circumventing security controls.
4. Post Exploitation
The post-exploitation phase aims to assess the significance of the compromised machine and maintain control over it for future utilization.
5. Reporting
The final stage aims to encapsulate the entire process above in a report that is comprehensible to the client and maximizes value.
Scope Explanation
Depending on system-specific parameters and the customer’s goals, there are three different scopes that are used in penetration testing.
Black Box Penetration Test
In a black box engagement, the testers are not granted any access or intelligence for the test. It is the most realistic simulation of a cyber attack, but it also carries the risk of missing something. Depending on the engagement’s goals, customers may choose to provide some limited information (e.g. a list of IPs) that would prevent the testers from missing something during the enumeration process.
This is usually the recommended approach for external penetration tests.
White Box Penetration Test
A white box engagement grants the testers extensive information about the assets to be scanned, and also allows the assets to be scanned using more privileged scopes (e.g. testing with limited user credentials, testing with elevated user credentials, etc.). This allows scanning for vulnerabilities from “behind the scenes”, in a more comprehensive and exhaustive manner that is unlikely to miss something.
This is usually the recommended approach for internal penetration tests.
Gray Box Penetration Test
A gray box penetration test is a penetration test that involves partial disclosure of information from the customer. This could be specific resources that need to be tested because they are considered more critical than others, or basic user credentials for a resource, depending on the desired scope of the engagement.