Penetration testing / Pentest
The purpose of black box penetration testing is to discover what an attacker could do starting from a simple network socket. The tests aim to explore the information system in order to find sensitive data and security vulnerabilities that can be exploited to gain total or partial control of the information system. Grey box penetration tests are designed to evaluate the ability of a malicious insider to elevate their privileges on the information system and to access information normally inaccessible to this type of profile. These tests, complementary to the black box tests, make it possible to evaluate the partitioning of internal access as well as the possibility for a user to take control of equipment and services to which they have no legitimate access, or only restricted access. The two approaches are carried out consecutively: the auditor first performs reconnaissance and exploitation without valid credentials, then explores the actions achievable with a valid user account.
This work is carried out on the internal network, inside the customer's premises, as follows:
- The auditor uses their own computer to perform the tests;
- The scope of the audit can be wide; the auditors focus on strategic and sensitive information systems.
ISO 19011 audit processes are used for all penetration tests, as for every audit we perform. Our audit approach is based on the standards of ANSSI, CEH (Certified Ethical Hacker), OWASP (Open Web Application Security Project), and internal methodologies built on the experience gained by our consultants on similar engagements.
Penetration tests are carried out in 3 steps:
- Mapping of the actual networks and services of the IT network (scans);
- Finding vulnerable services and applications and exploiting these flaws without a user account;
- Inventorying and exploiting the security vulnerabilities identified using unprivileged user accounts.
The tests performed mainly focus on the following vulnerabilities:
- Exploitation of publicly known security vulnerabilities;
- Configuration faults;
- Weak or default passwords;
- Local privilege escalation;
- Compromise of accessible servers;
- Firewall bypass and pivoting through servers.
Digitemis does not perform any denial of service attacks, in order to ensure that applications are not disrupted. If the execution of a technical attack represents a risk to the stability of the equipment or the network, it is only carried out with the explicit agreement of the auditee.
The main tools used are the following (non-exhaustive list):
- Nmap;
- Metasploit;
- John the Ripper;
- Mimikatz;
- Cachedump / pwdump;
- Hydra;
- Burp Suite;
- SQLMap;
- Wireshark;
- OpenVAS;
- Ettercap;
- Aircrack-ng;
- Internally developed tools.