The penetration test or pentest consists of an offensive security test where a real cyber attack is simulated in a controlled environment. The objective is to identify weaknesses that could be exploited by an attacker, thereby leading to threats such as information theft, unauthorized access, service disruptions, malware installation, and so on.
Pentesting is the discipline that encompasses this type of exercise, aimed at identifying potential vulnerabilities and mitigating cybersecurity risks. Our cybersecurity team is responsible for executing the penetration testing services under the conditions agreed with the client, which may include the duration of the testing, scope, objectives, modalities, and necessary depth.
At the completion of the pentesting service, we will have a report that includes the identified vulnerabilities classified and prioritized based on their impact and remediation complexity, as well as detailed recommendations to help mitigate the detected risks.
Approaches to penetration testing services
Black box exercises start from a total lack of knowledge of the client's infrastructure; the pentester team has no information regarding assets and users.
In white box exercises, detailed information is provided on the technologies and target applications. This includes the source code of the application, network maps, architecture, and more…
In the grey box penetration test, the team is provided with partial information regarding the target, such as legitimate user accounts to be used in the process, information about the technologies used, or IPs to be analyzed.
Perspectives of Penetration Test
Internal pentests are developed from the perspective of an attacker with wired or wireless access to the internal network. These tests include remote access like VPN or remote desktop.
External pentest (perimeter)
The company’s perimeter comprises all assets that are accessible through the Internet, including public IPs, websites, domains and any exposed services.
Social engineering pentest
The human factor is used in pentesting to assess the level of awareness and achieve an intrusion through social engineering tests.
Security assessment and Wi-Fi intrusion tests through corporate networks.
Penetration Testing phases & methodology
Initial phase where we obtain as much information as possible about the target using different techniques.
Objectives are defined for system compromises, persistence, lateral movements and information exfiltration.
Identification focuses on analyzing the information collected and looking for weaknesses.
The pentest report provides insights into how the security assessment was conducted.
In exploitation, we are given access to systems that can later be used for post-exploitation work.
Internal intrusion test utilizing advanced technology to obtain a comprehensive view of the most critical vulnerabilities, combined with a threat map. This work is complemented by manual exploitation and supports external intrusion exercises.
In in-depth pentesting, an intrusion is performed manually by expert pentesters who are familiar with the techniques and procedures commonly used by cyber attackers.
This hybrid service combines the properties of the previous ones in routine and continuous intervals, aiming to identify and mitigate cybersecurity risks. This involves defining and evaluating targets by both the cybersecurity team and the client.
Penetration testing FAQs
What is the penetration test service?
Our penetration testing services involve conducting technical security reviews that simulate real-world attacks, analyzing one or more assets to identify potential vulnerabilities that could be exploited via external or internal corporate networks. The scope of our services may cover:
- Checking the efficiency of security measures and/or security controls implemented in the corporate network
- Identifying and later exploiting the vulnerabilities as a security evaluation
- Checking feasibility for elevating user privileges due to an incorrect security architecture or due to insufficient security measures applied to applications and systems
- Retesting post-exploitation exercises of already compromised objectives (persistence, lateral movement, log tampering, etc.).
Penetration tests have a defined scope and amount of time to perform all the required tests as well as produce a final report.
The outcome of a penetration test is a technical report which includes our findings and security recommendations for the mitigation and remediation of the identified threats and vulnerabilities.
What types of penetration tests does Tarlogic offer?
Penetration tests can be classified into the following three types of exercise:
- Black Box Penetration Test: These exercises are based on the lack of information about the infrastructure to review or the asset to be analyzed. In this modality, the team in charge of performing the penetration test does not have any prior information about the technologies used, the source code of the applications, network maps or corporate users for the analysis.
- White Box Intrusion Test: These exercises are based on the provision of details to the team in charge of performing the penetration test. This type of test requires obtaining information on the technologies used by the company, the source code of the applications, company user accounts, network maps and the company architecture prior to starting the exercise.
- Gray Box Penetration Test: These exercises are based on the provision of partial information about the target, such as legitimate company user accounts, partial information on the technologies used, IP inventories of the company, domain information or other useful information for the analysis.
Apart from the different types to consider, the exercises can have different perspectives:
- Internal Penetration Test: Internal penetration tests are performed from the perspective of a cyber attacker with access to the company’s internal wired or wireless network, including remote VPN accesses to the internal network.
- External Penetration Test: External penetration tests cover all assets published on the Internet, including public IPs, websites, DNS, and any exposed services that a cyber attacker could access.
What are the industry-leading tools used for penetration testing?
It is common for a pentester’s suite of tools to include an operating system adapted for cybersecurity purposes, such as Kali Linux, along with other specialized software.
In addition, depending on the phase, objective, or type of work, we can use tools such as the following:
- Discovery of network segments linked to the organization: Tarlogic tools for RIR analysis (RIPE NCC, ARIN, APNIC, AFRINIC, LACNIC).
- Infrastructure reconnaissance: amass (Shodan, Censys, SecurityTrails, WhoisXMLAPI), uncover
- Sub-domain bruteforcing tools: shuffledns, puredns
- Port and service discovery: nmap, masscan, naabu
- Web application recognition: Aquatone, httpx, WaybackMachine, Waybackurls, gau
- Identification of web technologies: wappalyzergo
- Web application vulnerability analysis: Burp Suite, OWASP ZAP, Nuclei, w3af, Acunetix, Nikto
- Analysis of cipher suites: Testssl, sslscan, Qualys SSL Labs
- Analysis and discovery of secrets/API keys: Trufflehog, earlybird
- Analysis and discovery of secrets in github repositories: gitGrabber, gitLeaks, github-search, github-tools-collections
- Authentication/authorization vulnerability scanning: Autorize (Burp Extension)
- Out-of-band interactions tools: BurpCollaborator, interactsh
- WAFs detection/WAFs bypass analysis: wafw00f, cloudfail, hakoriginfinder
- Document metadata analysis: FOCA, Exiftool, Exiftool Scanner
- Web resource discovery: gobuster, dirbuster, wfuzz
- Tools for CMS security analysis: CMSMap, WPScan
- Automatic SQL Injection vulnerability scanning: sqlmap, sqlninja
- XSS vulnerability scanning: XSSer, XSSHunter, BeEF
- Analysis/exploitation of deserialization vulnerabilities: Ysoserial
- Testing of DoS vulnerabilities in web servers: Slowloris, SlowHTTPTest
- Vulnerability scanning tools: Nessus
- Vulnerability exploitation solutions: Metasploit
- Credential cracking: hashcat, John the Ripper
- Brute force attacks (password spraying): Hydra
Windows pentesting tools:
- Sysinternals Suite
- Network Monitor
- API Monitor
Linux pentesting tools:
- Sudo Killer
Communications and network attack analysis:
Cloud security analysis:
- Azure: ROADtools, stormspotter, MicroBurst, adconnectdump, ScoutSuite, APIs and Azure CLI tools.
- AWS: SkyArk, BucketFinder, Boto3, Cloudsplaining, Pacu, enumerate-iam, aws_consoler and AWS CLI tools.
- Google Cloud Platform: ScoutSuite, GCP IAM Collector, GCP Firewall Enum, GCPBucketBrute, Hayat
How much does a penetration test cost?
The cost of a penetration test varies and is calculated on the basis of the objective you seek to achieve: the volume of assets to be analyzed, the complexity of the test, the agreed approach and the methodology used (i.e. white box, black box or mixed).
The price range could vary from €4,500 for a limited penetration test to €30,000 for a penetration test with much broader objectives. The price is also influenced by whether the work is performed once or if continuous service is required.
We strongly encourage a joint assessment between our clients and our team to determine the specific characteristics and particular requirements, so as to better define the scope and objectives of your exercise. We invite you to contact us so that our specialists can give you advice on the best approach to achieve your goals.