Notes form AfricaHackOn: BlackBox Penetration Testing

Mar 25, 2014

AfricaHackOn2014-1-220x126by ./Chucks
Information Risk Consultant, Black Box Penetration Testing Specialist

chuksjonia.blogspot.com

What's Blackbox Penetration Testing?
• This requires no information provided and usually takes the approach an uninformed intruder would use, therefore simulating a very realistic scenario

Scenarios Penetration Testers would use:
• Insider Threat
• Government Spying
• Covert Evidence Acquiring (Cops)
• Fraud
• Theft
• Social Engineering
• Theft
• Organized Crime
• Espionage
• Hacktivism

Blackbox Penetration Testing has several types of assessments; common ones:
• Social Engineering Assessment
• Wireless Security Assessment
• RedTeam Assessment
• Surveillance and Recovery Assessment
• Web Application Security Assessment
• Advanced Persistence Threat Assessment
• External Security Assessment
• Covert Data Acquisition Assessment
• Database Security Assessment
• Social Media and Online Security Assessment

Wireless Security Assessment
• Testing wireless infrastructure
• Ensuring its hardened against unauthorized access
• Use other forms of Assessment e.g Red Team, SE etc

Red Team Assessment
• Term used by Military to test friendly infrastructures
• Used during Blackbox to test Assets on ground, simulate the company infrastructure and perform a fully motivated and funded adversarial attack

Surveillance and Recovery Assessment
• Commonly used before a Red Team Assessment
• Find as much information as possible especially about the organization employees
• May....





























© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023