It is important to regularly test your organization's infrastructure to protect it from external attackers. To achieve this, we perform VAPT on your organization's IT assets such as core business systems, database services, web and mobile applications, firewalls, routers, switches, email servers and the overall infrastructure. This testing identifies potential security weaknesses and guides you to address them. Additionally, we perform simulated phishing and social engineering assessments to understand your team's security awareness and preparedness.
Vulnerability Assessment & Penetration Testing (VAPT) is the security testing methodology used by organizations to find any potential security weakness and the best approach to protect IT assets from external attackers. Vulnerability assessment and penetration testing have different strengths, and both are conducted to attain a complete vulnerability analysis. As the tools used by cybercriminals evolve, vulnerability assessment has become an important tool in the modern cyber arsenal.
A trustworthy VAPT provider must provide the necessary expertise, accreditations, and experience. Therefore, when selecting a VAPT provider, it's essential to look for an organization with the required accreditations, knowledge and expertise to identify risks and provide the support needed to address them. To address this need, we have a team of highly qualified ethical hackers who will not just discover vulnerabilities in your systems but also provide the necessary recommendations on how you can fix them.
Every VAPT process starts with scoping. Here we identify the list of assets for VAPT, which is done in collaboration with the client. We also extract additional assets, along with the details and functions of each asset. For example, for an application, we need information such as features, input fields, and APIs. Depending upon the client's need, we also look for other details such as asset owner, custodian, value, and criticality.
In this step, we fix the schedule of the project. For example, some projects require off-hour activities if tests are to be performed in a production environment. We also outline project milestones and tentative completion dates.
The following approaches are used to perform the vulnerability scan:
1. Automated Scanning
2. Manual Scanning
3. Both
The following tools are used for automated scanning:
1. Nessus
2. Burp Suite
3. ZAP
4. OpenVAS Scanner
5. Nikto
6. Responder
7. In-House Scripts
For critical systems, a manual approach is preferred over an automated one.
In this step, we verify the identified vulnerabilities and filter the false positives through a manual process using internal scripts and tools like Nmap, Metasploit, Burp Suite, and Netcat.
We normally perform threat modeling as the step before we start penetration testing. In this step, we think of potential attackers and map assets and services against threats to define their priorities for penetration testing.
In this step, we focus solely on establishing access to a system or resource by exploiting previously found vulnerabilities and bypassing security restrictions the organization has implemented. Where bypassing security restrictions is not possible, we use alternative exploit methods. We also use customized payloads and public exploits to simulate specific versions of operating systems and services for a successful attack strategy.
Once access to the system has been established, we try to access other parts of the system, a phase known as post-exploitation. Some of the common activities that we perform during the post-exploitation phase are:
Information Gathering
Privilege Escalation
If we cannot gain root access to the target system via exploitation, we perform privilege escalation tasks to access data and services available to other users, services or nodes. We perform vertical and horizontal privilege escalation on the system during this process. For this task, we use previously gathered operating system kernel versions, service information, scheduled tasks, stored credentials and permissions, and try to abuse any of these to elevate to administrator-level access and impersonate another user.
Lateral Movement
In this step, we explore the network to find other targets and gain access to them. We use this tactic to move through the organization's network and gain node-to-node access. To exploit the target, we rely on privileged credentials and impersonate the administrator's daily routines to stay stealthy and undetected. We also use different techniques, such as port forwarding or pivoting, to circumvent the network restrictions between the system and our PC.
In this step, we request the client to revert the changes made during the VAPT process. It includes deleting test accounts, revoking access and credentials, and reverting configuration changes.
In this step, we provide recommendations for resolving the identified issues and request that all the access given to us be revoked.