Network Pentest

Phases of Network Penetration Testing

The BitCore security assessment team conducts penetration tests without the need for detailed network or infrastructure diagrams and without requiring user accounts or additional information unless explicitly necessary.

BitCore adheres to a structured methodology based on OSSTMM principles for network penetration testing.

Our methodology involves the following 7 key penetration testing stages:

In this initial phase, testers gather as much information as possible that would be available to a potential malicious actor. This involves collecting publicly accessible information, such as the location and details of web servers, mail servers, and other internet-facing services, as well as any internal systems if access is provided.

For internal network assessments, access to the corporate network is typically established through a stable VPN connection or via a lightweight Linux server acting as a jump box within the network. This setup allows testers to securely connect and perform scans and evaluations from within the internal network environment.

After gathering initial data, testers proceed with identifying and probing services running on the network. The focus is on discovering and understanding the services that are active, which may include web servers, mail servers, firewalls, DNS servers, and other critical infrastructure components.

Comprehensive port scans are performed to identify all machines and their services within the specified IP ranges. Testers then investigate the types of applications running, version numbers, and operating systems, aiming to uncover any potential weaknesses that could be exploited.

With a clear understanding of the services running on the network, testers then identify the most vulnerable points. The goal is to find and exploit vulnerabilities that could lead to unauthorized access, data breaches, or service disruptions.

Pentesters focus on a detailed, manual assessment of identified resources. This phase involves a closer examination of web servers, routers, firewalls, DNS servers, and other critical systems.

Particular attention is given to configurations that could pose a risk, such as outdated software versions, weak security protocols, or misconfigured services. Ensuring that all components are secured against known vulnerabilities is a key part of this phase.

For environments utilizing Active Directory (AD), testers assess the security of AD implementations and configurations. This includes:

Enumerating AD Users and Groups: Identifying users, groups, and their privileges to detect potential security issues or privilege escalation paths.

Assessing AD Permissions: Evaluating the permissions and rights assigned to users and groups to ensure they are correctly configured and do not allow unauthorized access.

Testing for Common AD Vulnerabilities: Checking for vulnerabilities related to AD, such as weak or default passwords, misconfigured policies, and potential attack vectors for AD exploitation.

Throughout the penetration testing process, BitCore uses custom and publicly available tools, including port scanners, automated vulnerability scanners, HTTP proxies, and exploitation frameworks. These tools assist in conducting a thorough security assessment of the network.

Pentesters report and triage all vulnerabilities during the assessment itself. Through the preferred communication channel, we provide details on all of the findings our pen-testers discover. Clients have full visibility over discoveries in real time.

In the findings and final report, pen-testers provide detailed remediation steps and advice on further improvements of the security posture.

The client can perform remediation efforts on critical discoveries during and after the testing timeframe. Pen-testers can then test the updated components and re-test the discovered issues to confirm that there is no residual risk for the client from a security perspective.
