The penetration test or pentesting consists of an offensive security test where a real cyber attack is simulated in a controlled environment. The objective is to find weaknesses that an attacker could exploit to complete threats such as information theft, improper access, causing service failures or the installation of malware, etc.
Pentesting is the discipline that encompasses this type of exercise. The Cybersecurity team is in charge of executing the pentest under the conditions agreed with the client, agreed scope, objectives, modality and necessary depth.
Black box exercises start from a total lack of knowledge of the client's infrastructure; the pentester team has no information regarding assets and users.
In this modality, detailed information on the technologies and target applications is available, including the source code of the application, network maps, architecture, etcetera.
In a grey box penetration test, the team in charge of the execution has partial information about the target, such as legitimate user accounts to be used in the process, information about technologies used or IPs to be analyzed.
Penetration test perspective
Internal penetration tests are developed from the perspective of an attacker with wired or wireless access to the internal network, these test include remote access like VPN or remote desktop.
The company's perimeter comprises all assets that are accessible through the Internet, including public IPs, websites, domains and any exposed services.
Penetration testing methodology
Initial phase in which as much information as possible is obtained about the target using different techniques.
In this step, objectives are defined in regards to systems compromise, persistence, lateral movement and information exfiltration.
Identification focuses on analyzing the information collected and looking for weaknesses.
The reports allow us to see how the penetration test occurred, the weaknesses that were exploited by the team that simulated the cyber attack, security recommendations for IT and development teams to remediate the reported vulnerabilities, and methods for security managers to prioritize the findings.
In exploitation work, access is obtained to systems that can later be used for post-exploitation work.
Internal intrusion test with the support of technology that allows to obtain a vision of the most relevant vulnerabilities together with a threat map that will serve as support for external intrusion exercises and to identify the attack vectors with the path of compromise of the systems.
In Depth pentesting, an intrusion is performed manually by expert pentesters who are familiar with the techniques and procedures commonly used by cyber attackers.
Hybrid pentesting service that combines the properties of the previous ones in a periodic and continuous duration. Targets are defined and evaluated by the cybersecurity team and the client.