No products in the cart.
by ./Chucks
Information Risk Consultant, Black Box Penetration Testing Specialist
chuksjonia.blogspot.com
What's Blackbox Penetration Testing?
• This requires no information provided and usually takes the approach an uninformed intruder would use, therefore simulating a very realistic scenario
Scenarios Penetration Testers would use:
• Insider Threat
• Government Spying
• Covert Evidence Acquiring (Cops)
• Fraud
• Theft
• Social Engineering
• Theft
• Organized Crime
• Espionage
• Hacktivism
Blackbox Penetration Testing has several types of assessments; common ones:
• Social Engineering Assessment
• Wireless Security Assessment
• RedTeam Assessment
• Surveillance and Recovery Assessment
• Web Application Security Assessment
• Advanced Persistence Threat Assessment
• External Security Assessment
• Covert Data Acquisition Assessment
• Database Security Assessment
• Social Media and Online Security Assessment
Wireless Security Assessment
• Testing wireless infrastructure
• Ensuring its hardened against unauthorized access
• Use other forms of Assessment e.g Red Team, SE etc
Red Team Assessment
• Term used by Military to test friendly infrastructures
• Used during Blackbox to test Assets on ground, simulate the company infrastructure and perform a fully motivated and funded adversarial attack
Surveillance and Recovery Assessment
• Commonly used before a Red Team Assessment
• Find as much information as possible especially about the organization employees
• May include theft e.g stealing mobile devices
Web Application Security Assessment
• Test applications accessed via http, https or on a client browser
Advanced Persistence Assessment
• Internet Based Espionage
• Malware
• Social Engineering Assessment is required
External Security Assessment
• Commonly used to test Services available on the internet
• Most security firms will use this as the only form of Blackbox
• Return on investment of existing implemented control like Intrusion Detection Systems, Firewalls and Application Defense Controls
Covert Data Acquisition Assessment
• Collection of Intel
• Stealing of passwords, deploying keyloggers and use of Insiders
• Safehouse deployment
• Rogue Access Point
Database Security Assessment
• Testing Database Protection in an Infrastructure Technical, Physical, Procedural (Administrative).
• Mysql
• Oracle
• MsSQL
• MsAccess
• Other Databases
Social Media and Online Security Assessment
• Gathering information
• Targets Infrastructure administrators
• Password usage e.g. repetition of pwds
• Relations, way of life, Security awareness, hobbies
• Background checks
Business Lang: language used by cooperates. Terms
• Blackbox Assessment → To make you think you don't need other Assessments during the pentest
• Internal Blackbox → Not Applicable, we just can't test your network from outside
• I.P Addresses → This has resulted to Graybox Testing
• Few Days of Testing → Now this is a Health Check
• Tools Snapshots → Nmaps, Telnet banners
For more, visit site:www.africahackon.com
Author
