Sensei recommends that all companies perform some form of penetration test at least annually. This test is a security exercise in which a certified ethical hacker attempts to find and exploit vulnerabilities and weaknesses in the defenses of a company’s information systems. The purpose of this simulated and controlled exercise is to identify any weaknesses in a company’s security defenses which attackers could use to gain access to the firm’s internal systems and information. If weaknesses are discovered, this test allows us to provide recommendations on how to remediate those weaknesses, making the company’s security stronger.
Types of tests that Sensei performs:
Physical Security Test – This test looks for flaws in the physical security practices of the target organization. We attempt to gain access to physical office space (rooms, buildings) or try to take sensitive equipment such as laptops, desktops, USB drives or recycling bins out of target facilities without being noticed or stopped.
Stolen Equipment Test – This test involves obtaining a piece of equipment, such as a laptop, from the target organization and then trying to extract data from it in a laboratory environment.
Cryptanalysis Attack – This test focuses on bypassing or breaking the encryption of data stored on a local device or network.
Product Security Test – This test looks for security flaws in software products, such as exploitable buffer overflow conditions, privilege escalation flaws and the exposure of unencrypted sensitive data.
Network Services Test – This is the most common form of testing. It involves finding target systems on the network, looking for vulnerabilities in their underlying operating systems and network services, and then attempting to exploit them remotely.
Client-Side Test – This test is designed to find and exploit vulnerabilities in client-side software, such as browsers, media players and document-editing programs.
Web-Application Test – This test looks for vulnerabilities in web-based applications deployed in the target environment.
Social Engineering Test – This test involves attempting to convince a user to reveal sensitive information, such as a username or password, or to click on a suspicious link within an email message. These tests are conducted over the phone or through email, targeting users and evaluating processes, procedures and user awareness.
Phases of Ethical Hacking
Reconnaissance – The process of investigating the target organization to gather information about it from publicly available sources, such as domain registration services and websites.
Scanning – The process of finding openings in the target organization, such as internet gateways, available systems, listening ports and vulnerability lists.
Gaining Access – Ethical hackers exploit target systems to compromise them, possibly getting control of them either to extract data from the target or to use that device to launch further attacks on other targets.
Maintaining Access – In this phase, ethical hackers take steps to remain persistently within the target environment in order to gather as much data as possible.
Covering Tracks – Hackers attempt to cover their tracks by deleting logs and removing any trace of their activities from the host systems. It is important for an ethical hacker to follow these same steps in order to see if a system can avoid detection and return to a state of non-recognition by the host network’s administrators.
Sensei’s Penetration Process
Preparation – During this part of the process, after the execution of a Non-Disclosure Agreement (NDA), we discuss the nature of the test with target personnel and sign off on permission and notice of the danger of testing. A Rules of Engagement document is drafted and executed by all parties.
Testing – In this part of the process, the testing of the network is carried out. Testing can take anywhere from a couple of days to a few weeks.
Conclusion – At the conclusion of the testing, the results are analyzed and evaluated in preparation for drafting the report deliverable. The technical details and business implications are described in detail in a final report. As findings are addressed, single-issue retests could occur, or an entire comprehensive retest may happen. Some engagements may conclude with a final wrap-up presentation.
Sensei’s Reporting Format
Executive Summary – This brief up-front material is meant for executives who may not read the full report, providing them with the most important conclusions from the work.
Introduction – This component describes the project at a high level, answering the who, where, when, and why aspects of the project.
Methodology – This part of the report describes the “what” of the project. What did the team do? It covers the process of the penetration test or ethical hacking engagement.
Findings – This section presents the actual findings, listed one by one, in the target environment with detailed technical descriptions. The findings are sorted so that the most significant risk issues are discussed and addressed first.
Conclusions and Future Considerations – This last section summarizes the project results and replicates the Executive Summary. It may also include future considerations for items to test more comprehensively or to defend their information systems more effectively. We also provide a list of recommendations along with pricing in this section.
Appendices – The report appendices include lengthy outputs from the tools run during the execution of the engagement. These may contain screenshots describing how a scan was performed and what output was gathered to prove the existence of a vulnerability or exploit, and how a hacker could potentially gain access to sensitive data.