Penetration Testing Service Highlights

100
Skillful & certified engineers

Certified
CEH, CompTIA PenTest+, OSCP

Tests are executed for systems at both the TMA site and client sites

Standard Pentest
Engagement process and testing process are implemented

Test category
Web, applications, network, system, software, OS, database

Test method
Blackbox, Greybox, Whitebox

Penetration Testing Techniques & Tools

Penetration Test Methods
- Standard: PTES 7 Stages, OWASP, SANS, OSSTMM
- Blackbox
- Greybox/Whitebox
- Blind
- External
- Internal

Tools
- Nessus
- Kali
- Burp Suite
- Metasploit
- Nmap
- OWASP ZAP
- Wireshark, OpenVAS
- MobSF, Xcode, Genymotion

Penetration Test Types
- Web Application
- Mobile Application
- System Security
- Network Security
- Cloud Security

Programming Languages
- Perl
- Python
- JavaScript
- SQL

Security Scoring System
- Common Vulnerability Scoring System – CVSS
- Common Weakness Enumeration – CWE
- NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment
- OWASP Mobile Application Security Verification Standard (MASVS)

Engagement Process

Target
- Understand the target system under penetration test
- Clarify requirements
- Determine what is needed for the test from a technical perspective

Scope
- The scope will vary by organization and by what its infrastructure and posture look like. A client's scope will typically define what you can and cannot do. For example: no exfiltration of data; system downtime is not permitted (DoS, DDoS attack).

Objectives
- Objectives are discussed between the client and the pentest team to create an understanding between both parties of what is expected and provided. For example: identify system weaknesses and vulnerabilities, evaluate the impact of data exposure and exfiltration.

Rules
- Focus on the internal/external network, or on segmentation of the DMZ and internal servers?
- Define the outline of the report, such as executive summary, purpose, scope, findings, and remediation advice
- Is attacking the subnet/domain permitted?

PenTest Process

Pentest Phases

Information gathering
- Gather all relevant information about the target system: IP addresses, open ports, OS,…
- Passive & active

Threat modeling
- Understand and model all threats (adversaries, trusted partners…)
- Identify and determine potential attacks

Vulnerability analysis
- Take into account port and vulnerability scans, data gathered, and information collected during information gathering

Exploitation
- Perform attacks such as brute force and injection; target specific systems, identify critical infrastructure, and target the information or data that the organization has attempted to secure

Post exploitation
- Try to move to another location/user
- Establish a backdoor for persistence

Report
- Report security findings, how to fix the vulnerabilities, and recommendations

Pentest Report Content

Contents
- Executive Summary
- Overview
- System Under Test Information
- Risk Ratings
- Summary of the Findings
- Vulnerabilities & Remediation Details
- Details of Testing Executed

Case Study

Pentest for VoIP Cloud-based system
- System under test: a cloud-based service that securely connects new or existing phone lines, numbers and service plans to Microsoft Teams
- Test method: Greybox
- Test category: Cloud-based Service
- Tools used: Burp Suite Professional
Test Procedure:
- Find the vulnerable order confirmation email feature.
- Inject malicious payloads and send them to potential clients.
Summary of issues found:
- Malicious email with real, authentic sender.

Pentest for Element Management System
- System under test: an EMS platform that provides monitoring, operation and management for network elements
- Test method: Whitebox
- Test category: Linux System
- Tools used: Manual testing, automated enumeration scripts (LinPEAS, LinEnum, LSE…)
Test Procedure:
- Check for system information (outdated kernel, current user information, sudo…)
- Check for misconfiguration (SUID, Cron Job, PATH, Capabilities, NFS…)
- Find exploits according to enumeration results.
Summary of issues found:
- Vulnerable to PwnKit, able to escalate to root.
- Gain a persistent backdoor using cron.
- Information disclosure via readable files.

Pentest for Analytic Platform
- System under test: a big data platform that feeds data to analytics applications that secure and monitor your communication services and networks
- Test method: Greybox
- Test category: Analytics API
- Tools used: Burp Suite Professional
Test Procedure:
- Find the request that queries information available only to the admin user.
- Send that same request, but now with a low-privilege user's authentication token (IDOR).
Summary of issues found:
- A low-privilege user can view sensitive information available to admin only (IDOR).
