- Collecting information – collecting information about the tested object on the basis of sources available on the Internet.
- Network mapping – analysis of the computer network of the tested object.
- Vulnerability identification – searching for vulnerabilities based on the obtained information.
- Penetration – gaining unauthorized access to the system.
- Permissions escalation – an attempt to raise permissions and extend the scope of access to the infrastructure.
- Further penetration – obtaining additional information about the system (e.g. about running processes) in order to enable further security breaches of individual system components.
- Compromising remote users and applications – breaking the trusted relationship and safe communication between remote users and the attacked system.
- Maintaining access – using hidden channels, backdoors, rootkits and other tools to hide the presence of the pentester in the system and ensure continuous access to the system until the test is completed.
- Removal of traces – elimination of all activity traces in the form of files, logs, system integrity tests, anti-virus systems, etc. which could indicate the attack.
Penetration testing is usually performed in the graybox methodology, i.e. when the pentester has some but incomplete information about the attacked object. This method allows the tester to better reflect the scenario of a real attack, while identifying all vulnerabilities of the infrastructure, and not only – as in the case of an actual attack – one or a combination of several vulnerabilities. Penetration tests do not cover the security analysis of individual applications of the tested infrastructure to an extent comparable with the audit service.
Do you have questions about the service or do you need a personalized offer? Email us with questions.