Tel: +44(0)1529 306284

Penetration Testing

Penetration testing, or a pen test, is a simulated attack on a computer system. It looks for weaknesses that can be exploited to gain access to the systems and the data they hold.

[Figure: Penetration Testing Flowchart - Computer Crime Consultants]

Testing should be undertaken when a new element is introduced to the system or a significant upgrade takes place. The type of test will depend on the objective.

The types of tests are:

  • Black Box
    The testing of a specific target network, where no information is provided.
  • Crystal or White Box
    The testing of a specific target network, where the topology of the target is provided.
  • Third party (a)
    The third party has authorised access to an area of the target and seeks to abuse their privileges and gain greater access to information.
  • Third party (b)
    The third party has physical access to a location, but is not an authorised system user. They then attempt to gain access to the system.
  • Rogue employee
    An employee abuses their level of access to gain privileged information.

As mentioned, the goals of a test will vary depending on the purpose of the exercise. However, the aim should be to establish whether any vulnerabilities exist and, if so, which security measures were either bypassed or defeated. The impact can then be measured and a suitable solution found to prevent this type of attack.

Intelligence Gathering

System owners often think that this element is not relevant in the majority of scenarios. However, undertaking a test without this element is likely to produce inaccurate results. Frequently, system owners have little or no idea of the volume of information available or its potential impact. As a result, they are also unaware of its value when testing. If no information is identified, this should also be factored into any assessment.

Examples of how such information could be used:

  • Identifying a device, application or operating system and then finding any default accounts and passwords which could be attempted.
  • Obtaining company email addresses for social engineering.

The type of information in the public domain is likely to include:

  • DNS
  • DNS to IP mapping
  • email addresses
  • mail exchangers
  • mutual friend/employee connections
  • name servers
  • telephone numbers
  • social networking profiles
  • web pages
  • zone transfer tables
  • publications
  • news reports

Hence, this information can also form part of a social engineering attack.

Social Engineering

Social engineering is the use of deception to manipulate parties into divulging relevant information, which can then be used to further an exploit. Intelligence gathering can help to provide a plausible story that results in disclosure.

Other areas of exploitation associated with social engineering are:

  • ‘dustbin-diving’ – The searching of waste materials for potentially valuable information.
  • ‘shoulder surfing’ – Peering over someone’s shoulder to see and memorise an access code or PIN.

Passwords

Evaluating passwords is an important element of both penetration testing and wireless network auditing. Successfully cracking passwords gives attackers the opportunity to acquire or escalate privileges, either to gain a foothold within a system or to increase the privileges they already possess.

We have developed a series of tools and methodologies designed to test passwords created using a wide variety of algorithms, including WPA, WPA2, NTLM, MD5 and SHA1. Our processes have been designed to automatically undertake a variety of tests in sequence, increasing in complexity and strength. Furthermore, the sequencing can be modified to cater for an organisation's particular needs. Our testing utilises the best elements of the following types of conventional attacks:

  • Combination Attacks
  • Dictionary Attacks
  • Dynamic Attacks
  • Fingerprint Attacks
  • Hybrid Attacks
  • Markov Attacks
  • Mask Attacks
  • Pattern Attacks
  • Permutation Attacks
  • Rule-Based Attacks

Wireless passwords

There has been a significant increase in the use of wireless networks. However, locating, identifying and capturing encrypted passwords is relatively simple. Hence, a password’s strength and life expectancy must provide an appropriate level of security, and both need adequate testing.

For more information on the penetration testing services we are able to provide:
Tel: +44 (0) 1529 306284 or Email: contact@ccc-ltd.com
