Fifty shades of penetration testing (ok, only four, but here they are)

Henry Dalziel | Information Security Careers, Pentesting Tools | September 11, 2013

This post is mostly to help our young students, so for those of you reading this that are veterans don’t roll your eyes up, instead, please take a moment to check out our upcoming web shows: we’ve got some amazing events coming up!

You’ve probably heard of ethical hackers and penetration testers, and they all typically conduct their work within four different approaches. These are:

White Box Penetration Testing refers to the professional (‘ethical hacker’) having full access, knowledge, permission and disclosure of their client’s network(s) and computer system(s). In other words, your client has told you the targets they would like you to compromise and has basically mapped the whole network out for you! Easy life. Version information and legacy systems will also likely be disclosed. The benefit of white box hacking is that, because there has been a disclosure, you and your client save time (i.e. your client saves money) and there can be a greater degree of efficiency.

The problem with white box hacking is that it can be deemed ‘not completely realistic’, since a real hacker might not follow the same ‘easy’ routes. Black box and ‘grey box’ testing/hacking is a little more puritan and is probably the preferred route to take, because it represents a more realistic outlook on the genuine level and sophistication of security an organization has.

The next level of security testing can be referred to as ‘Grey Box Penetration Testing.’ There isn’t really a specific definition for ‘grey’ here; suffice to say that it is (obviously) ‘in-between’ the white and black box methodologies (and, when ‘grey hat’ is used outside permission-based penetration testing, in-between their ethics as well).

Black Box Penetration Testing would typically start from a ground-zero level, and the pentester would be expected to navigate their way into their client’s network. The skills of the professional will certainly be under increased levels of scrutiny and will determine the success of the security audit for the client.

And, a final color: Red Team Penetration Testing!

This category is a bit of a wildcard in that it does not have the same ‘boundaries’ as the other three above.

A ‘Red Team’ has military connotations in the security sense: these guys are the ‘special forces’ of the security world. The Red Team is often unknown to other employees. Like black box pentesting, a Red Team deployment provides a more realistic picture of the security readiness of an organization than ‘white or grey box’ testing does.

Vulnerability Assessments
If you are interested in a career in information security then you will work within the remits and boundaries of the above categories. Within these categories the ethical hacker will carry out a series of vulnerability assessments, most likely by deploying an array of pentesting tools. The major benefit of using such tools is that they will identify weaknesses and/or vulnerabilities within the client’s network, and quickly. Nmap, Nessus and Wireshark are good examples of such tools.

In Summary
Many of our previous speakers on Hacker Hotshots have demonstrated in their presentations the skills and methods they employ to penetrate and compromise systems, and judging by their excellent research, there is no lack of creativity!

An in-depth understanding of your client’s network is vital. The scope and depth are vast: the integrity of web applications, BYOD, BYOA (Bring Your Own Application), the ‘security intelligence’ of all employees (including resistance to social engineering), etc., are all integral to a successful and professional penetration test.

What are your thoughts? We’d love to hear from you especially if you work in the security field. What category do your clients typically prefer you to work in? Do you agree with the above?

Leave a comment or reply below...thanks!