Follow Us:

Call Us: (289) 316-0507

 

Network Penetration Testing

Own Your Network Vulnerabilities

According to the Identity Theft Resource Center’s (ITRC) “ITRC Data Breach Report,” more than 29 million records were exposed in 858 publicized breaches across sectors including financial, government, health care and education.

Darn IT Group’s Cybersecurity Assessment Services test key aspects of a client’s environment for flaws that could be taken advantage of by an attacker. The goal is to build awareness that helps secure and protect your environment. Darn IT Group first performs a Vulnerability Assessment against the identified infrastructure to highlight vulnerabilities that an attacker might use to compromise the integrity of the systems in play. Darn IT Group then performs various Penetration Tests in order to better understand and improve upon the organization’s present security posture.

Network Penetration Testing is one of Darn IT Group’s most requested service offerings. This service is typically conducted in one of two possible situations:

Externally From Internet Facing Client’s Network

Internally From Inside Client’s Network

Both scenarios are leveraged to test the security measures implemented and processes followed by the client. Either solution – internal or external, Network Penetration Testing is executed in the following phases, with the goal of exploiting discovered vulnerabilities:

We Take Your Cyber Security Seriously, Darn IT Can Help

Intelligence Gathering

In this phase, we gain an understanding of the organization and its Internet footprint as well as any digital asset information.

  • Search Engine results (Google hacking, username/email harvesting, employee information)
  • Domains owned and registered by the company (mail, web, ftp and other server identification)
  • Company website (services/skills used by the company, partnerships, services provided)

Network and Application Reconnaissance

Reconnaissance is conducted next to discover all live hosts and services running within the organization’s network range.

  • Port scanning (standard and non-standard ports are probed)
  • IP scanning (discovering hosts and verifying host status)
  • DNS Lookup
  • Service fingerprinting (banner grabs, response analysis, known port lookup)
  • Service enumeration (pull relevant information from open services)
  • Operating System identification

Vulnerability Discovery and Analysis

The Vulnerability Discovery phase is an interactive procedure with the customer network to discover any vulnerabilities that exist on the hosts found in the previous phases.

  • Service Scanning
  • Vulnerability Scanning (typically conducted with third party tools)
  • Manual Checks
  • Based on discovered hosts and services information as well as manually researched vulnerabilities

Vulnerability Exploit and Privilege Escalation

In this phase, we attempt to exploit the vulnerabilities discovered in the previous phases in order to gain unauthorized access to the host.

  • Vulnerability exploitation (typically remote but not limited to):
    • Use of known exploitation tools
    • Use of custom created scripts or modified third-party scripts
  • Account hash dumping (password cracking attempts can be made, hashes can be passed)
  • Escalation from low-level accounts (horizontal or vertical)
  • Shellcode injection (in vulnerable applications)

To facilitate the successful transfer of knowledge following a Network Penetration Testing engagement, Darn IT Group will document and present our findings. The output to your team will include:

  • An executive summary report via phone
  • A detailed technical report with a recommended action plan
Ready To Get Started? Click The Following Contact Button Or Call 289-316-0507 Today!