Penetration tests

The scope of work performed as part of penetration tests by a certified "ethical hacker" includes:

Penetration tests from the local network and the Internet

An audit aimed at determining what types of threats the client's network and its point of contact with the Internet are exposed to. The audit uses the techniques and tools employed by intruders in various types of attacks (e.g. man-in-the-middle, denial of service, distributed denial of service, IP spoofing, MAC spoofing, ARP poisoning). The purpose of the audit is to establish how people who do not have direct and official access to the infrastructure could compromise its security or obtain valuable information. Scope of work:

  • information reconnaissance (websites, RIPE databases, DNS servers, SMTP headers, internet search engines, job portals)
  • scanning of the IP address pool (ICMP scan, TCP scan)
  • scanning TCP/UDP ports with various methods (Xmas, connect, Null, SYN, FIN)
  • enumeration of the systems, applications and devices in use, together with their operating system and firmware versions
  • attempts to redirect traffic using ARP table poisoning and the ICMP protocol
  • attempts at man-in-the-middle attacks (session hijacking, traffic eavesdropping, capturing passwords and access data)
  • attempts to take control of infrastructure elements (active network devices, technical back-up devices, cameras, access control, UPSs, environmental monitoring, administration panels, storage and backup devices, remote server management controllers)
  • analysis of local network traffic at all layers of the ISO/OSI model (including the Ethernet, IP, TCP/UDP, DNS, DHCP, RDP, SMTP, POP3, IMAP, FTP, HTTP ... protocols)


Wireless network security tests

The audit covers issues related to the security of WLAN networks. For example, it takes into account the possibility of eavesdropping on or disrupting wireless network traffic from outside the company's premises, using antennas and devices with greater signal strength than the traditional network cards used in computers. The tests also include checking the security mechanisms in use and attempting to break them, among other things by testing the strength of the passwords used through dictionary and brute force attacks. Scope of work:

  • testing the wireless network signal level for the possibility of intercepting or disrupting traffic from a greater distance
  • examination of the security mechanisms in use
  • testing the strength of the passwords used (dictionary attacks, brute force attacks, password recovery based on initialization vectors (IV))
  • attempts to disable communication with access points through attacks such as deauthentication request and deauthentication broadcast
  • attempts to place and launch a rogue access point


Scanning systems for security holes

An audit aimed at determining the types of threats to which the operating systems used on servers and workstations are vulnerable. During the audit, tools are used to detect known vulnerabilities and to check the systems' susceptibility to the exploits developed for them. The purpose of the audit is to indicate which patches and software versions should be applied in order to eliminate potential threats. Scope of work:

  • enumeration of operating systems and software
  • review of the configuration of systems, devices and applications (including databases) against recommended security practices
  • searching databases of known vulnerabilities and exploits (CVE) for threats related to the systems and software versions in use
  • assessment of the risk associated with the gaps found
  • development of recommended solutions to improve and raise the level of security
  • scanning with two independent tools covering all families of operating systems
  • generating a report on missing critical and recommended security patches, updates or service packs


Web systems security research

An audit to determine whether the authentication and data input mechanisms of web applications guarantee security and resistance to specific types of attacks. During the audit, tools are used to test vulnerability to threats such as SQL injection, cross-site scripting and command injection. The scope of the audit covers, among others, examination of the main threats defined by the OWASP organization as the TOP 10 most dangerous vulnerabilities:

  • A1 - Injection (no validation of the entered data)
  • A2 - Cross Site Scripting (XSS) (injection of scripts into pages served to other users)
  • A3 - Broken Authentication and Session Management (incorrect authentication and session handling)
  • A4 - Insecure Direct Object References
  • A5 - Cross Site Request Forgery (CSRF)
  • A6 - Security Misconfiguration (configuration errors)
  • A7 - Insecure Cryptographic Storage (no encryption of stored data)
  • A8 - Failure to Restrict URL Access
  • A9 - Insufficient Transport Layer Protection (no protection at the transport layer)
  • A10 - Unvalidated Redirects and Forwards (no validation of redirects)


Testing the resistance of users to social engineering

An audit to determine the extent to which the company's employees are susceptible to social engineering attacks. During the audit, controlled attempts are made to obtain confidential information from users or to persuade them to perform specific actions that may affect the company's security. The purpose of the audit is to examine the level of users' awareness and their resistance to threats such as phishing. Specially prepared viruses and Trojans are used during the audit. It is recommended to include this audit in the scope of penetration testing (previous point). The scope of social engineering tests:

  • telephone contact with the user in an attempt to obtain classified information
  • e-mail contact with attempts to obtain login details (phishing)
  • e-mail contact with attempts to get a virus or Trojan activated
  • direct contact in an attempt to obtain unauthorized access to company resources
  • attempts to impersonate a known person in order to persuade users to take specific actions that threaten security