Pentesting

Advanced penetration testing services

Analyze cyber threats that can materialize as cyber risks.

Pentesting objectives

A penetration test, or pentest, is an offensive security test in which a real cyber attack is simulated in a controlled environment. The objective is to find weaknesses that an attacker could potentially exploit to carry out threats such as information theft, improper access, causing service failures or installing malware, etc.

Pentesting is the discipline that encompasses this type of exercise. The cybersecurity team is in charge of executing the pentest under the conditions agreed with the client, including scope, objectives, modalities and necessary depth.

Pentest approach

Black Box

Black box exercises start from a total lack of knowledge of the client's infrastructure; the pentester team has no information regarding assets and users.

White Box

In this modality, detailed information has been provided on the technologies and target applications. This includes the source code of the application, network maps, architecture, and more…

Grey Box

In the grey box penetration test, the team is provided with partial information regarding the target, such as legitimate user accounts to be used in the process, information about the technologies used or the IPs to be analyzed.

Perspectives of Penetration Test

  • Internal

    Internal pentests are developed from the perspective of an attacker with wired or wireless access to the internal network. These tests include remote access like VPN or remote desktop.

  • Perimeter

    The company’s perimeter comprises all assets that are accessible through the Internet, including public IPs, websites, domains and any exposed services.

Penetration Testing Methodology

  • Reconnaissance

    Initial phase where we obtain as much information as possible about the target using different techniques.

  • Identification

    Identification focuses on analyzing the information collected and looking for weaknesses.

  • Exploitation

    In the exploitation phase, access is obtained to systems that can later be used for post-exploitation work.

  • Post Exploitation

    Objectives are defined for system compromises, persistence, lateral movements and information exfiltration.

  • Pentest Reports

    The reports allow us to see how the penetration test occurred.

In-Depth Pentest

  • Automated

    The internal intrusion test allows us to get a clear view of the most relevant vulnerabilities. That, together with a threat map, will serve as support for external intrusion exercises and help identify the attack vectors with a path of compromise within the systems.

  • In Depth

    In in-depth pentesting, an intrusion is performed manually by expert pentesters who are familiar with the techniques and procedures commonly used by cyber attackers.

  • Comprehensive

    This hybrid service combines the properties of the previous ones in routine and continuous intervals. This means that targets are defined and evaluated by the cybersecurity team and the client.

Penetration testing FAQs

What is the penetration test service?

Our penetration tests are technical security reviews in which one or more assets are analyzed, from the outside or from the internal corporate network, with the aim of identifying the weaknesses that allow a series of predefined objectives to be met. Some of these objectives are:

  • Checking the efficiency of security measures and/or security controls implemented in the corporate network
  • Identification and later exploitation of the vulnerabilities as a security evaluation
  • Feasibility check for elevating user privileges due to an incorrect security architecture or due to insufficient security measures applied to applications and systems
  • Post-exploitation exercises of retesting already compromised objectives (persistence, lateral movement, log tampering, etc.).

Penetration tests have a defined scope and a defined amount of time in which to perform all the required tests and to prepare a final report.

The outcome of a penetration test is a technical report which includes the evidence and our security recommendations for the mitigation and remediation of the identified threats and vulnerabilities.

Which types of penetration tests do you offer?

Penetration tests can be classified into the following three types of exercises:

  • Black box penetration test: these exercises are based on the lack of information regarding the infrastructure to review or the asset to be analyzed. In this modality, the team in charge of performing the penetration test does not have any type of prior information about the technologies used, the source code of the applications, network maps or corporate users for the analysis.
  • White box intrusion test: these exercises are based on the provision of detailed information made available to the team in charge of performing the penetration test. This type of test requires obtaining information on the technologies used by the company, the source code of the applications, company user accounts, network maps as well as the company architecture, prior to starting the exercise.
  • Grey box penetration test: these exercises are based on the provision of partial information about the target, such as legitimate company user accounts, partial information on the technologies used, IP inventories of the company, domain information or other useful information for the analysis.

Apart from the different types to consider, the exercises can have different perspectives:

  • Internal Penetration Test: Internal penetration tests are performed from the perspective of a cyber attacker with access to the company’s internal wired or wireless network, including remote VPN accesses to the internal network.
  • External Penetration Test: The enterprise perimeter comprises all assets published on the internet, including public IPs, websites, DNS, and any exposed services that a cyber attacker could access.

What are the industry leading tools used for penetration testing?

It is common for a pentester’s suite of tools to include a version of Linux adapted to cybersecurity, such as Kali Linux and others, as an operating system.

On the other hand, depending on the phase, objective, or type of work, we can use tools such as the following:

  • Discovery of network segments linked to the organization: Tarlogic tools for RIR analysis (RIPE NCC, ARIN, APNIC, AFRINIC, LACNIC).
  • Infrastructure reconnaissance: amass (Shodan, Censys, SecurityTrails, WhoisXMLAPI), uncover
  • Sub-domain bruteforcing tools: shuffledns, puredns
  • Port and service discovery: nmap, masscan, naabu
  • Web application recognition: Aquatone, httpx, WaybackMachine, Waybackurls, gau
  • Identification of web technologies: wappalyzergo
  • Web application vulnerability analysis: Burp Suite, OWASP ZAP, Nuclei, w3af, Acunetix, Nikto
  • Analysis of cipher suites: Testssl, sslscan, Qualys SSL Labs
  • Analysis and discovery of secrets/API keys: Trufflehog, earlybird
  • Analysis and discovery of secrets in GitHub repositories: gitGrabber, gitLeaks, github-search, github-tools-collections
  • Authentication/authorization vulnerability scanning: Autorize (Burp Extension)
  • Out-of-band interactions tools: BurpCollaborator, interactsh
  • WAFs detection/WAFs bypass analysis: wafw00f, cloudfail, hakoriginfinder
  • Document metadata analysis: FOCA, Exiftool, Exiftool Scanner
  • Web resource discovery: gobuster, dirbuster, wfuzz
  • Tools for CMS security analysis: CMSMap, WPScan
  • Automatic SQL Injection vulnerability scanning: sqlmap, sqlninja
  • XSS vulnerability scanning: XSSer, XSSHunter, BeEF
  • Analysis/exploitation of deserialization vulnerabilities: Ysoserial
  • Testing of DoS vulnerabilities in web servers: Slowloris, SlowHTTPTest
  • Vulnerability scanning tools: Nessus
  • Vulnerability exploitation solutions: Metasploit
  • Credential cracking: hashcat, John the Ripper
  • Brute force attacks (password spraying): Hydra

Windows pentesting tools:

  • Sysinternals Suite
  • PowerView
  • PowerUp
  • Get-GPPPassword
  • BloodHound
  • WinPEAS
  • CrackMapExec
  • Responder
  • Impacket
  • Kerbrute
  • Rubeus
  • Mimikatz
  • Network Monitor
  • API Monitor

Linux pentesting tools:

  • LinPEAS
  • Lynis
  • Impacket
  • LinuxSmartEnumeration
  • py
  • Sudo Killer

Communications and network attack analysis:

  • Wireshark
  • Yersinia
  • Vlan_Hopper
  • netdiscover
  • Scapy

Cloud security analysis:

  • Azure: ROADtools, stormspotter, MicroBurst, adconnectdump, ScoutSuite, Azure APIs and CLI tools.
  • AWS: SkyArk, BucketFinder, Boto3, Cloudsplaining, Pacu, enumerate-iam, aws_consoler and AWS CLI tools.
  • Google Cloud Platform: ScoutSuite, GCP IAM Collector, GCP Firewall Enum, GCPBucketBrute, Hayat

How much does a penetration test cost?

The cost of a penetration test is variable and is calculated according to the objective to be achieved, the volume of assets to be analyzed, the complexity of the test, the approach agreed and the methodology to follow (i.e. white box, black box or mixed).

An indicative price range could vary from 4,500€ for a penetration test limited to a smaller number of assets, to 30,000€ for a penetration test with much broader objectives. The price is also influenced by whether the work is performed on a one-shot basis or if a continuous service is required.

Other characteristics and particular requirements require a joint analysis between the client and Tarlogic to better define the scope and objectives of the exercise. We suggest you contact us so that our specialists can advise you on the best approach to achieve your goals.