Penetration Testing

Altonace has developed a penetration testing methodology that focuses on real threat sources specific to a target environment to develop relevant attack vectors. This methodology enables us to reduce the time and cost required, while performing comprehensive penetration tests that meet government agency and organizational requirements. Our tests are consistent, repeatable, and measurable within tightly-defined testing periods to provide our clients with valuable insight into the real-world risks of system vulnerabilities and business impact of network intrusions.

Our approach thoroughly analyzes customer systems, and identifies vulnerabilities and potential attack vectors. We attempt to leverage publicly available exploitation techniques if available, or build custom exploits to penetrate the infrastructure if needed. Penetration testing can range from breaching single hosts to gaining deep access into the network, based on customer requirements. Our penetration testing services include:

  • Black-Box (no knowledge), White-Box (full knowledge) and Grey-Box (limited knowledge) assessments.
  • External network penetration tests to identify and target externally exposed attack surfaces and simulate outside attackers.
  • Internal network penetration tests to assess a system’s resistance to attacks by informed insiders, or the impact of an initial breach by external attackers.

Methodology

Radiantere has invested a considerable amount of time in the planning and execution of large scale and specialized vulnerability assessment and penetration testing efforts for our clients. Our experience has enabled us to build and refine our methodology to ensure a comprehensive set of security tests is performed in an efficient, effective, repeatable, and standardized manner. Our penetration testing methodology follows a blended framework approach by leveraging governing bodies including the NIST SP 800-115, Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) testing guide, and the GSA IT Procedural Guide for Conducting Penetration Test Exercises.

Our penetration testing execution methodology follows a standard four phase process:

1. Reconnaissance

  • Utilize passive and active techniques to conduct intelligence gathering (employee online presence, system footprint, potential targets for social engineering activities)
  • Utilize focused search engine modifiers to identify additional hosts, application versions, personnel, etc.
  • Gather technical information for use in later stages of the assessment

2. Enumeration

  • Utilize various open source and commercial tools to identify hosts, network services, applications, and vulnerabilities within the system footprint
  • Utilize the results to aid in understanding targets and identify any protection mechanisms that might be in place on the network
  • Fingerprint available services and web applications to determine if there are any additional unprotected attack vectors such as management interfaces

3. Exploitation

  • Actively exploit hosts and applications within the target network with the intent of gaining access to target hosts
  • Utilize manual escalation techniques (custom tools, etc.) where exploitation frameworks are not effective or practical
  • Analyze the risk of identified vulnerabilities by demonstrating attacks against the system to determine the sensitivity of the information that can be retrieved, and level of access that can be gained

4. Escalation

  • Escalate privileges and compromise credentials on beachhead hosts (hosts successfully exploited)
  • Leverage compromised systems to gain new accesses, pivot further into the network and laterally move into other customer networks
  • Cycle enumeration exploitation and escalation activities as access is gained to additional hosts
  • Perform internal/lateral scans and further discovery to identify hosts on the network that may only respond to the compromised system