Simulated Cyber Attacks
Penetration testing (pen testing) discovers and identifies vulnerabilities and other security risks. Manual testing of vulnerabilities and potential attack paths helps organizations determine the impact an attacker could have. Blue Team Alpha provides both internal and external network penetration testing.
Internal Network Penetration Testing
The goal of internal network penetration testing is to determine the organization’s resiliency against and capability to respond to a modern, sophisticated attacker. By following an “assumed breach” methodology, Blue Team Alpha helps organizations explore how far an attacker can get in a reasonable amount of time, and what kind of impact an attack could have on the organization, its employees, and its customers.
Our methodology is based on a combination of years of experience, top-tier professional training, and best practice guidance from the Penetration Testing Execution Standard (PTES), NIST, the MITRE ATT&CK framework, and the Open-Source Security Testing Methodology Manual (OSSTMM). Our internal network penetration testing methodology also incorporates the “Assumed Breach” philosophy to provide more relevant results for modern security programs. The testing workflow has the following objectives:
- Establish persistence
- Gain privileged access to initial host
- Move laterally through the network
- Gain Domain Administrator or other privileged access to the environment
- Determine and catalog amount of access to sensitive data
- Password cracking
External Network Penetration Testing
The goal of external network penetration testing is to identify vulnerabilities that could lead to a compromise, and to better understand the potential impact of an attack. A secondary priority is to determine if reasonable technical security controls are employed by the organization. Blue Team Alpha’s testing methodology uncovers weak points with approaches that use real-world tactics, techniques, and procedures (TTPs) to bypass security controls of applications, systems, and networks.
Blue Team Alpha’s external network penetration testing methodology consists of four major phases:
Reconnaissance involves research-based activities to generate a profile about an organization and serves to uncover what information is easily available to potential attackers via publicly available and commercial resources. Information is discovered using Open-Source Intelligence (OSINT) techniques and tools, along with commercial and proprietary information sources. Acquired information is analyzed to determine if the organization is exposing information that is beneficial to attackers, sensitive in nature, or could lead to increased risk of compromise.
Enumeration processes actively map out systems, open ports, and services provided via open ports within a given testing scope. An iterative approach ensures that as much as possible is understood about systems in scope for testing. Automated tooling is employed initially to perform the heavy lifting associated with network mapping, service identification, and vulnerability scanning. Manual enumeration and research are then performed to dig deeper into identifying services and their associated versions and configurations, and to uncover any additional vulnerabilities or publicly available exploits that may exist.
Exploitation is an entirely manual phase where an attack plan is carried out based on what information was discovered in the Reconnaissance and Enumeration phases. Attack paths are followed based on identified vulnerabilities to determine if vulnerabilities are truly exploitable, and if so, to determine what the resulting potential impact would be.
Post-Exploitation techniques help determine the extent of a potential compromise and employ known attacker techniques for exfiltration and persistence mechanisms. Data sampling (versus downloading entire databases or other large information assets) is used to demonstrate potential impact while avoiding exfiltration of large amounts of sensitive information. Additional enumeration activities (e.g., network mapping to determine what a compromised asset has access to in a DMZ or internal network) may occur as part of the post-exploitation phase; however, any exploitation, lateral movement, or other active testing will be limited to assets that are in scope.
Every Blue Team Alpha Pen Test Includes:
- A project kick-off call to review details and expectations for testing
- All testing performed by USA-based, highly certified and experienced professionals
- Timely and comprehensive reporting of results
- Ongoing coaching and support for findings and recommendations