seanhalsing Posted November 7, 2018

Hak5ers, I need to pick all your brains. I have a customer who has asked me to perform an internal penetration test on around 20 servers they have. I only have two weeks to complete this (including reporting) and need a list of common tests which will provide them with adequate assurance. I'm assuming it's mainly a Windows-based environment which includes servers such as DNS, mail and ebanking servers. How would you go about this in a fast and efficient manner? Can you guys list the tests you would perform? Oh yes, they have also asked for their ebanking app to be tested. I've never tested such apps. Any ideas? Thanks guys, Sean.
digininja Posted November 7, 2018

Best idea: get someone in who knows what they are doing. If you are having to ask on a forum about how to conduct a pen test, especially one that has anything to do with ebanking, then you really shouldn't be doing it. I know this sounds harsh and everyone has to learn, but this is not the environment to learn in; you mess up here and you could leave the company open to attack despite your report saying they are secure. I'd find someone who knows what they are doing, get them to do the job, and shadow them to learn from them. Do this a few times and then start to take a more active role with the second person watching what you are doing. It will take a while but you'll get to the point where you can do a test that will give the client what they actually need.
seanhalsing (Author) Posted November 7, 2018

Thanks for your reply Digininja. I have actually done quite a few tests for banks over the past couple of years. Just thought it would be interesting to get other perspectives to see how they do things, especially as I'm pressed for time. I suppose the term I used, 'adequate assurance', is somewhat subjective. And yes, I'll probably get someone to do the apk testing. I'd be interested to hear from others. Sean
Broti Posted November 10, 2018 (edited)

Not exactly a bank, but still interesting: https://www.youtube.com/watch?v=pL9q2lOZ1Fw

Edited November 10, 2018 by Broti
Bigbiz Posted November 11, 2018

Red team security. Red team field manual.
jOte- Posted November 24, 2018

On 11/10/2018 at 4:00 PM, Broti said: "Not exactly a bank, but still interesting: https://www.youtube.com/watch?v=pL9q2lOZ1Fw"

I want this JOB !!!!!! 🙂
digininja Posted November 24, 2018

It's fun. Just remember though, that for all the time on screen, there is usually at least twice the time in the office planning, having meetings, writing specs and doing reports.