Sat. Apr 17th, 2021

NIST SP800-115 – https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf


When performing a test against services hosted on cloud products, reference the provider's own pentest procedures:

AWS pentest procedures
Microsoft Azure pentest procedures
Google Cloud pentest procedures

Types of Pentest Assessments 

Goal based: test a new appliance, firewall, application, etc.
Compliance based: meet a regulatory requirement such as PCI DSS
Red Team: test the defence and response capabilities of a client's security teams and appliances

Testing Strategies 

Black Box Testing: The tester has little to no information from the client. This simulates a real-world attack, but it takes more time, is more costly, and may not produce a full report of all the vulnerabilities on a given target.

Gray Box Testing: The tester is provided with some information from the client, such as credentials or network diagrams, sitting between the two extremes in cost and coverage.

White Box Testing: The tester is provided with extensive information about the target. The advantage of this test is that it is usually lower cost, since the information gathering stage can be skipped, and the client gets a full overview of the vulnerabilities on the target system.

Types of Target 

Internal: accessed from inside the network
On-site: located at the target's premises
Off-site: located at a third-party site
External: accessible from the internet (email, website)
First-party hosted: hosted by the client
Third-party hosted: hosted by a third party
Physical: USB logger, keylogger, drop box
Users: social engineering, phishing
SSIDs: evil twin attack, Wi-Fi cracking
Applications: identify applications and their versions
Fragile systems: older or unpatched systems
Specialized systems:

  • Industrial control systems
  • SCADA 
  • IoT 
  • Mobile Devices (phones, tablets) 
  • POS (point of sale) 
  • Biometric devices 
  • RTOS: Real time operating systems 
