Stages Of The Penetration Test
The stages of a penetration test is a linear path to a successful pentest. Each of the stage are important and is based on the information found and gathered from the previous stage.
Before doing any pentest, we must preform a pre-engagement interaction with the client to make sure everyoe is on the same page about the pentest. This is an important step that needs a thoroough communication. We need to understand the client’s business goals for the pentest. Asking the right questions is crucial. This can determine if the pentest was successful or not. This does not depend whether or not you find an exploit, or a vulnerability, or poor security posture. It’s our goal to ask the right questions to ensure a successful pentest.
Also called the reconnaissance phase. During this phase, we analyze freely available sources of information, this process is called open source intelligence (OSINT). This is information that is already out there in the world that we can use. We use tools tools crafted by companies, or by other security professionals to gather important information for us instead of manually doing this, such as port scanners, email harvesters, domain/web server lookups, etc.
Threat Modeling / Vulnerability Analysis
Once you gather sufficient amount of information about the client’s system, we start thinking like a hacker and plan (model) attacks (threats) the client would realistically face based on the information we gathered ourselves.
Planning the attack we can also enforce a pre-attack phase that discovers vulnerabilties. Doing this we can ensure everything is ready for our official attack. We utilize vulnerability scanners like Nessus, Nikto, w3af, OpenVAS, WAScan to find possible vulnerabilities for us.
After gathering all the information, here we start to have fun by running exploits against the vulnerabilties our vulnerabiltiy scanner discovered. As a penetration tester, it is us to us to exploit the vulnerabilities, if possible and assess the risk of the compromise. Here we often us Metasploit to do the dirty work for us.
Some say, this is where the real pentest happens. Exploiting the clients machine won’t mean much to them if there’s nothing to pivot of it. This phase, we dive deeper into the system by gathering additional information, privilege escalation, and from one system to another. Doing this we might be able to access other sensitive data stored on the system. There’s a lot of avenues in this phase where we can further exploit the system. This gives us a better understanding and a clear picture of the client’s security.
The final phase. Some would think this the boring phase now it’s all about documenting your processes and findings. Here we convey everything from the start of our questions to the very last exploit, to the client.
We describe the overall posture of the test, risk the oranization faces, and general findings. From there we give our recommendations to remediate the issues found during our pentest with a possible road map to address some of the critical vulnerabilties now and address the low ones in a later time.
We also provide a technical report of our test. This gives a high level overview for technical teams to address these vulnerabilties. The documentation we create from the first stage to the last, we basically give to them - but in a much more detailed report.