(SecureAuth, Sept 2018) When conducting a pen test, most testers will develop some type of process, and they'll reuse that process on every subsequent engagement. At a basic level, that process can be broken up into six steps. These are:
- Gathering Information
- Attack and Penetration
- Acquisition of Local Information
- Escalation of Privileges
- Clean Up
- Report Generation
Now not every test follows every step, or these steps in this exact order. But as a generic process, it's sound. Digging a little deeper into each step:
Gathering Information
This is the step where most testers will spend the majority of their time. All decent pen testing involves some type of recon. The goal is to obtain as much information as possible about the target. This may include information about end users as well as about the network itself. The more we know about the target, the more precise we can be when launching attacks.
Attack and Penetration
Now we get our hands dirty. After finding what we can about the target, the next step is to begin an attack. With tools like Core Impact you can launch specific, targeted attacks, or even just the attacks you think are most likely to succeed.
Acquisition of Local Information
After successfully compromising a target, you should have more permissions than at the start of the process. We use these to uncover additional information such as usernames and passwords, or maybe a list of services or applications running on the target. Armed with this information, we can proceed to the next step.
Escalation of Privileges
Most likely, when we compromised the target we only gained user-level access. Using the additional information from the previous step, we look to elevate our privileges to those of an administrator or other privileged user. If we gain additional access, we circle back and perform information gathering again: with additional privileges, we can likely get more data. Tools like BeyondTrust's PowerBroker Suite can help users restrict and manage privileged actions.
Clean Up
Once we have all the available relevant data, the next step is to clean up. (A tool such as Core Impact makes this very simple: click the cleanup step, and Core Impact will go out and remove any agents that were deployed while the workspace was up and running.) But essentially the point is to cover our tracks.
Report Generation
Finally, the part that can be a bit painful. Tools can automate this part of the process, but either way an organisation can only learn and improve once it understands what's happened. So your job now is to create the relevant reports and share them with the appropriate parties.
Hopefully that provides you with a simple view of the process. If you'd like to understand more, please ask via our enquiry page. There are webinars, whitepapers, trials and more available.