Penetration Testing

Penetration Testing and Ethical Hacking Overview

Penetration testing simulates a malicious attacker with the intent of identifying security vulnerabilities in a system. Penetration testing is our core business, with 20 years of expertise. We have performed 1000s of penetration tests across government, banking, finance, private sector, home appliances, education, critical infrastructure and mission-critical systems. All our testers are senior consultants and are CREST, OSCP or OSCE certified. The typical types of penetration testing we perform are:

 

  • Web Application Penetration Testing
  • Web Services and Web API Penetration Testing
  • Mobile Application Testing (iOS and Android)
  • External Infrastructure Penetration Testing
  • Internal Infrastructure Penetration Testing
  • Wireless Penetration Testing
  • SCADA Infrastructure Penetration Testing
  • Citrix ‘Break Out’ Testing
  • Red Team Exercises
  • Phishing and Social Engineering Exercises

Web Application Testing

Web application testing is designed to simulate a malicious user of an application. The purpose is to make sure that nothing malicious can happen to the application, its underlying server, any auxiliary servers and systems it talks to, the reputation of the company or other users of the application or their data. This tests from the perspective of a malicious user on the internet with no access (unauthenticated testing) as well as a malicious user with a login and password (authenticated testing).

 

At the end of this engagement, you will receive a detailed list of vulnerabilities that exist in your application, proof of concept examples for each vulnerability with reproduction steps and detailed remediation advice for all issues found.

 

Web Services / Web API Penetration Testing

Web services testing is designed to simulate a malicious attacker trying to compromise or misuse a web service. The purpose is to make sure that nothing malicious can happen to the web service, any auxiliary systems or the reputation of the company or users of the API.

 

As with a web application test, you will receive a detailed report with proofs of concept, reproduction steps and remediation steps. However, you will also be able to see additional vulnerabilities that specifically affect the APIs and the systems that ingest their data.

 

Mobile Application Testing

Mobile application testing is designed to simulate a malicious user of the application or someone who has physical access to an iOS or Android device, whether it be their own or a lost or stolen device. This is to ensure that a malicious user can’t do anything with the application that they should not be allowed to do, and that sensitive data cannot be retrieved from lost or stolen devices.

 

Our mobile penetration testing also incorporates backend API testing, as most mobile applications are front ends to APIs. The final report will explain in detail the vulnerabilities that exist in the application, in a device that has the application installed and in any backend APIs.

 

External Infrastructure Testing

External Infrastructure testing is designed to simulate an anonymous attacker on the Internet targeting a company’s public-facing IP addresses. The purpose is to ensure that nothing malicious can happen to a company’s public-facing infrastructure or the reputation of the company or employees of the company.

 

As part of these engagements, Red Cursor uses public breach data to identify compromised employee passwords. This is an often-overlooked method that is one of the easiest ways to break into a company. At the end of this engagement, you will receive a detailed report that realistically demonstrates what an anonymous hacker on the Internet can do to your company if you are targeted.

 

Internal Infrastructure Testing

Internal Infrastructure testing is designed to identify the vulnerabilities within a corporate network that could be leveraged from a compromised device or by a malicious user to escalate privileges and/or gain access to sensitive information.

 

A key outcome of these engagements is that the client can identify and block lateral movement paths throughout their network. These reports detail how our testers can chain multiple vulnerabilities and techniques together to gain control over an internal network.

 

Wireless Penetration Testing

A wireless penetration test is a simulated hacking attempt against a company’s wireless infrastructure. It is designed to detect and exploit vulnerabilities in security controls used by wireless technologies and standards, misconfigured access points, and weak security protocols.

 

During these engagements, our testers will impersonate corporate access points and gain access to internal resources. The final report details the configuration changes needed to secure the wireless networks.

SCADA Infrastructure Testing

SCADA Infrastructure testing is designed to simulate a malicious user attempting to gain access to a SCADA environment. Because SCADA networks have the potential to cause significant damage, Red Cursor takes a white box approach. This is where we discuss the design with you and then validate that we can’t break into certain segments of the SCADA environment or compromise key equipment.

 

Because of Red Cursor’s risk-averse approach, it is trusted by multiple large SCADA industries in Australia. This way clients can realistically test their SCADA environments without breaking anything.

Citrix Breakout Testing

Citrix environments provide a limited set of published applications to users via a virtual desktop environment. A core component of this testing is to ensure that a malicious user can’t escalate their privileges on the Citrix server and then attack the internal network and Windows domain. A successful compromise of the internal network can lead to the compromise of all the business’s internal systems.

 

The final report from these engagements provides step-by-step examples of how an attacker can break out of the restricted Citrix environment, as well as detailed configuration changes to prevent attacks.

Red Team Exercises

Red Teaming is the process of using tactics, techniques, and procedures to simulate a real-world threat with the goal of achieving a specific objective. This could be compromising an application or network, stealing data, gaining access to an email account, measuring the effectiveness of the security operations center, etc.

 

Red Teams are used to measure the effectiveness of the people, process, and technology used to defend a network, train or measure a Blue Team, and test and understand a specific threat or threat scenarios.

 

There are some major differences between penetration tests and Red Teams that should be noted. The goal of a penetration test is to determine the risk associated with vulnerabilities and misconfigurations given a specific scope. The goal of a Red Team engagement is to complete an objective. During a Red Team engagement, vulnerabilities and misconfigurations will only be exploited to the degree needed to achieve the goals or objectives. If a single vulnerability allows a Red Team to move forward, the team only uses this to move forward. Other potential methods or vulnerabilities found can be left unexplored.

 

The open-scope nature of Red Team engagements allows for more creative attacks on an organisation. This includes gaining physical access to the network, attacking the wireless network or client devices, dropping malicious USB keys, phishing for malware execution or credentials, and exploiting weaknesses, misconfigurations or vulnerabilities in Internet-facing applications, services or infrastructure. Our Red Team engagement scopes, goals and objectives are always customised to fit the needs of an organisation.

Phishing Exercises

Most companies think that having multifactor authentication (MFA) protects them from phishing attacks. This is not true, and bypassing MFA is just one of our techniques. Red Cursor’s phishing exercises are designed to give you an independent overview of a business’s susceptibility to phishing attacks. This will allow you to develop an understanding of missing controls in email security and of your employees’ awareness and knowledge of social engineering.

 

Through this exercise you will be able to see who reports the phishing email, how long it takes your incident response team to investigate, how well your incident response policies and procedures work in a real attack, how many credentials we capture and from which departments, and what information we are able to gather from these credentials, i.e. can we get admin access or access to your CEO, payroll or legal team’s sensitive documents and accounts.