Common internal penetration tests


seanhalsing

Hak5ers,

I need to pick all your brains. I have a customer who has asked me to perform an internal penetration test on around 20 servers they have.

I only have two weeks to complete this (including reporting) and need a list of common tests which will provide them with adequate assurance.

I'm assuming it's mainly a Windows-based environment which includes servers such as DNS, Mail and ebanking servers.

How would you go about this in a fast and efficient manner?

Can you guys list the tests you would perform?

Oh yes, they have also asked for their ebanking app to be tested. I've never tested such apps. Any ideas?

Thanks guys

Sean.

 


Best idea, get someone in who knows what they are doing. If you are having to ask on a forum about how to conduct a pen test, especially one that has anything to do with ebanking, then you really shouldn't be doing it.

I know this sounds harsh and everyone has to learn, but this is not the environment to learn in; you mess up here and you could leave the company open to attack despite your report saying they are secure.

I'd find someone who knows what they are doing, get them to do the job, and shadow them to learn from them. Do this a few times and then start to take a more active role with the second person watching what you are doing. It will take a while but you'll get to the point where you can do a test that will give the client what they actually need.

  • Like 1
  • Upvote 2

Thanks for your reply Digininja.

I have actually done quite a few tests for banks over the past couple of years. Just thought it would be interesting to get other perspectives to see how they do things, especially as I'm pressed for time. I suppose the term I used, 'adequate assurance', is somewhat subjective.

And yes, I'll probably get someone to do the apk testing.

I'd be interested to hear from others.

 

Sean
