
    7 Qualities of Highly Effective Penetration Tests

    • Posted by A.S.
    • Categories Blog, Pentest
    • Date August 13, 2017

    There are many factors that mark a sophisticated, high-value, and effective penetration test. A penetration test must demonstrate the worst-case scenario, in terms of business impact, that could follow from a security breach. That goes far beyond an automated vulnerability scan. Technical managers as well as executives must be able, by studying the penetration test report, to assess the security posture of their organization and to decide where and how to spend their money securing their information. In this post, I will present seven qualities which I believe are essential to what we might call an effective penetration test.

    1. Multi-Talented and Diverse Team

    Even though we tend to look at penetration testing from a purely technical perspective, such a test is not complete unless it also covers the physical and human aspects of the target. Sensitive information may be out of reach of a remote hacker, yet still be available to a thief who breaks in through a weak window, or be divulged by a secretary over the phone to someone claiming to be a business partner of the manager. For this reason, a penetration test team must include a person specialized in social engineering and physical intrusion, and both kinds of testing must be explicitly authorized in the rules of engagement before they begin.

    2. Well-Defined Success Criteria

    Success criteria are the conditions under which the target is said to be “hackable.” They must be defined and agreed upon before the actual penetration testing engagement begins. Ill-defined success criteria cause a lot of misunderstanding at the end of a penetration test, since the testers and the target owners are each left to their own interpretation of the findings. Success criteria have to be clear, exact, specific, and provable about which types of actions count as true “hacking” and would impact the business operations of the target: “read one record from the production customer database” is a provable criterion, “get into the network” is not.

    3. Comprehensive Intelligence Gathering

    Before the penetration tester fires up his or her favorite port scanner or vulnerability analyzer, they must perform thorough reconnaissance and footprinting of the target organization. A competent penetration tester must not dismiss any piece of information as trivial. Everything gathered in this phase counts: names, phone numbers, physical addresses, public documents, news items, and so on will all serve a purpose at some later point in the test. Well-executed intelligence gathering means better scanning and assessment results, more attack vectors, more convincing social engineering attacks, and so on.

    4. Manual Assessment of Each Vulnerability

    In order to deliver a highly effective penetration test, the tester must not rely solely on the findings and ratings of an automated vulnerability scanner. There are several reasons why this is crucial. First, an automated scanner generates false positives, that is, it may report findings that do not actually exist. Second, the risk rating these scanners assign might not reflect the actual risk to the particular target organization. Third, automated scanners do not classify the scanned assets by their worth to the business. For these reasons, a skilled tester must check each reported finding manually, verify its exploitability, rate the associated risk in the target's own context, and demonstrate the business impact.

    5. Asset Classification and Threat Modeling

    In warfare, an army cannot attack its enemy blindly, without a well-built strategy. An attack strategy must prioritize the target assets in terms of their worth, and prioritize attacks in terms of their impact. Similarly, in a network penetration test, the attack phase starts with the most valuable assets and the most impactful kinds of attack, then moves step by step to assets of lesser and lesser importance. Only at the end, after the high-impact attacks have been exhausted, does one perform the attacks that would have the least impact.
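    The triage that sections 4 and 5 call for, as an added example that is not code from the original post: a scanner's findings are re-rated by what the tester could actually verify and by what each asset is worth to the business, and the result is the attack order of section 5 rather than the scanner's. The host names, CVSS scores, the 1-5 worth scale and the half weight given to unchecked findings are all assumptions; the scanner output and verification notes are constructed.

```python
"""Contextual triage of scanner findings: manual verification plus asset worth.

Added example, not from the original post. Scanner output, verification notes
and asset inventory are constructed; the worth scale and weights are assumed.
"""
from dataclasses import dataclass
from typing import Optional

# Business worth of each asset, agreed with the target owners (assumed 1-5 scale).
ASSET_WORTH = {
    "erp.corp.example": 5,    # order-to-cash system: an outage stops invoicing
    "mail.corp.example": 4,
    "kiosk.corp.example": 1,  # lobby kiosk on an isolated VLAN
}

# Constructed scanner report: host, finding title and the scanner's own CVSS score.
SCANNER_FINDINGS = [
    {"host": "kiosk.corp.example", "title": "Outdated OpenSSH version", "cvss": 9.8},
    {"host": "erp.corp.example", "title": "SQL injection in login form", "cvss": 7.5},
    {"host": "mail.corp.example", "title": "TLS 1.0 enabled", "cvss": 5.3},
    {"host": "erp.corp.example", "title": "Directory listing enabled", "cvss": 5.0},
]

# Tester's manual verification (constructed): True = exploit demonstrated,
# False = false positive, None = not yet checked.
VERIFICATION = {
    ("kiosk.corp.example", "Outdated OpenSSH version"): False,  # banner only; distro backport
    ("erp.corp.example", "SQL injection in login form"): True,
    ("mail.corp.example", "TLS 1.0 enabled"): True,
    ("erp.corp.example", "Directory listing enabled"): None,
}


@dataclass
class TriagedFinding:
    host: str
    title: str
    scanner_cvss: float
    asset_worth: int
    verified: Optional[bool]
    contextual_risk: float
    status: str


def contextual_risk(cvss, worth, verified, max_worth=5):
    """Re-rate a scanner score in the target's own context.

    A confirmed false positive scores 0. A confirmed finding is scaled by the
    asset's worth relative to the most valuable asset. An unverified finding
    carries half weight until the tester has checked it (assumed policy).
    """
    if verified is False:
        return 0.0
    scaled = cvss * worth / max_worth
    if verified is None:
        scaled *= 0.5
    return round(scaled, 2)


def triage(findings, asset_worth, verification):
    """Return the findings ordered by contextual risk, highest first."""
    out = []
    for f in findings:
        verified = verification.get((f["host"], f["title"]))
        worth = asset_worth.get(f["host"], 1)  # asset not in inventory: treat as low worth
        status = {True: "confirmed", False: "false positive", None: "unverified"}[verified]
        out.append(TriagedFinding(f["host"], f["title"], f["cvss"], worth, verified,
                                  contextual_risk(f["cvss"], worth, verified), status))
    return sorted(out, key=lambda t: t.contextual_risk, reverse=True)


def attack_order(triaged):
    """Order of work for the attack phase: most valuable asset with the most
    impactful confirmed attack first; false positives are dropped."""
    return [(t.host, t.title) for t in triaged if t.status != "false positive"]


def scanner_order(findings):
    """What the raw scanner report would have you do: sort on its own score."""
    ranked = sorted(findings, key=lambda f: f["cvss"], reverse=True)
    return [(f["host"], f["title"]) for f in ranked]


if __name__ == "__main__":
    for t in triage(SCANNER_FINDINGS, ASSET_WORTH, VERIFICATION):
        print(f"{t.contextual_risk:5.2f}  {t.status:14}  {t.host:20} {t.title}")
```

    Run as a script it prints the re-rated list. The scanner would put the kiosk's 9.8 at the top; after verification it is a false positive and scores 0, while the confirmed SQL injection on the ERP system, which the scanner rated 7.5, comes first because that is where the business impact is.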

    6. Extreme Post-Exploitation Pivoting

    A sign of a well-performed penetration test is the set of techniques employed after a system has been successfully exploited, that is, in the post-exploitation phase. For a competent penetration tester, gaining access to a system, a shell, is not the end but the beginning. Many steps remain after the initial compromise. One of the most important is using the compromised system as an entry point to reach deeper into otherwise unreachable networks and systems, always within the initially agreed-upon scope. This is the art of pivoting. Other systems that sit behind a firewall or in a DMZ can be exploited and chained to the first exploited system; in other words, the traffic used to exploit the secondary systems is tunneled through the first one. These secondary systems can in turn become pivots to a third layer of systems, and so on.
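    A minimal pivot of the kind described above, as an added example that is not code from the original post or from the Semurity course: a TCP relay that listens on the compromised host and forwards every connection it accepts to an internal address the tester cannot reach directly, so the tester's tools talk to the relay as if it were the internal host. The internal service here is a constructed stand-in on loopback so the example runs offline; the addresses, the `INTERNAL:` reply tag and the poll interval are assumptions. In a real engagement the listen address is on the compromised host and the target is the internal system, both inside the agreed scope.

```python
"""TCP relay for pivoting. Added example; constructed, not from the original post."""
import socket
import threading


def _read_to_eof(sock):
    """Read until the peer half-closes, return everything received."""
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            return b"".join(chunks)
        chunks.append(data)


def _pump(src, dst):
    """Copy bytes from src to dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay_connection(client, target):
    """Bridge one accepted client socket to a new connection on the internal target."""
    try:
        upstream = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()  # internal host unreachable from the pivot: drop the client
        return
    upstream.settimeout(None)  # relay traffic must block, not time out
    back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    back.start()               # internal -> tester
    _pump(client, upstream)    # tester -> internal
    back.join()
    client.close()
    upstream.close()


def _serve(listen, on_connection):
    """Accept loop shared by the relay and the stand-in; returns (address, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)
    srv.listen(16)
    srv.settimeout(0.2)  # poll so the loop notices stop(); accepted sockets stay blocking
    stopped = threading.Event()

    def loop():
        while not stopped.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            threading.Thread(target=on_connection, args=(conn,), daemon=True).start()
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname(), stopped.set


def start_relay(listen, target):
    """The pivot: listen on the compromised host, tunnel each connection to target."""
    return _serve(listen, lambda conn: _relay_connection(conn, target))


def start_internal_service(listen=("127.0.0.1", 0)):
    """Constructed stand-in for a service behind the firewall: echoes the request
    with a tag, which proves the bytes really travelled through the pivot."""
    def handle(conn):
        conn.settimeout(5)
        try:
            conn.sendall(b"INTERNAL:" + _read_to_eof(conn))
        except OSError:
            pass
        finally:
            conn.close()
    return _serve(listen, handle)


def request_through_relay(relay_addr, payload):
    """From the tester's box: talk to the relay exactly as if it were the internal host."""
    with socket.create_connection(relay_addr, timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # end of request
        return _read_to_eof(s)


def demo(payload=b"GET /secret"):
    """Loopback end-to-end run: internal service, relay in front of it, one request."""
    internal_addr, stop_internal = start_internal_service()
    relay_addr, stop_relay = start_relay(("127.0.0.1", 0), internal_addr)
    try:
        return request_through_relay(relay_addr, payload)
    finally:
        stop_relay()
        stop_internal()
```

    `demo()` brings both ends up on loopback, sends one request through the relay and returns the reply tagged by the internal service. Chaining works the same way: a second relay started on the first internal host, with its target another layer deeper, is the third-layer pivot described above. Each connection is bridged in its own thread, and the half-close in `_pump` is what lets the request/response pair finish cleanly without either side hanging on the other.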

    7. Multi-Layered Recommendation

    One mistake many penetration testers make in their final report is to give a single recommendation per vulnerability, usually lifted straight from the automated vulnerability scanner's output. A highly effective penetration test must instead end with a well-written report that actually tells the target organization's IT team how to raise their entire IT architecture and design to a higher and more secure level. Those per-finding recommendations are important to include, but it is more important to offer advice on how to improve the overall network architecture, to integrate current security solutions, and even to change the mentality of IT staff in how they perceive information security.

    A.S.

    Founder of Semurity Academy

      Abed is currently the founder and director of Semurity Academy, that is dedicated to offering training programs in white-hat hacking and cyber security. He has nearly 10 years of experience in the information security field. Previously, he was the IT security engineer at Consolidated Contractors Company (CCC) in Athens, Greece. He has spoken at different Computer Security conferences: RUXCON (Australia), Hack-in-the-Box (Malaysia), AthCon (Greece), and ISACA Leb. Chapter.


        1 Comment

      1. Mose
        August 19, 2018

        I spent a lot of time to find something like this
