
[email protected]:~# Penetration testing services, is your site secure enough?


1 - Why should I invest in security?

When you have an online business, one of the most important things to invest in is strong security. Without decent security, your business information, databases, and everything involved are at high risk of being hacked, leaked, defaced, and in some cases deleted. Your clients and players are at risk of being infected too, and the one who's going to take the blame is you.

1.1 - What kind of services are you going to do?

Black box testing
Black box testing refers to testing a system without having specific knowledge of the internal workings of the system, no access to the source code, and no knowledge of the architecture.

In essence, this approach most closely mimics how an attacker typically approaches applications. However, due to the lack of internal application knowledge, the uncovering of bugs and/or vulnerabilities can take significantly longer. Black box tests must be attempted against running instances of applications, so black box testing is typically limited to dynamic analysis such as running automated scanning tools and manual penetration testing.

White box testing
White box testing, which is also known as clear box testing, refers to testing a system with full knowledge and access to all source code and architecture documents. Having full access to this information can reveal bugs and vulnerabilities more quickly than the "trial and error" method of black box testing. Additionally, you can be sure to get more complete testing coverage by knowing exactly what you have to test.

However, because of the sheer complexity of architectures and volume of source code, white box testing introduces challenges regarding how to best focus the testing and analysis efforts. Also, specialized knowledge and tools are typically required to assist with white box testing, such as debuggers and source code analyzers.

In addition, if white box testing is performed using only static analysis techniques using the application source code and without access to a running system, it can be impossible for security analysts to identify flaws in applications that are based on system misconfigurations or other issues that exist only in a deployment environment of the application in question.

Gray box testing
When we talk about gray box testing, we're talking about testing a system while having at least some knowledge of the internals of a system. This knowledge is usually constrained to detailed design documents and architecture diagrams. It is a combination of both black and white box testing, and combines aspects of each.

Gray box testing allows security analysts to run automated and manual penetration tests against a target application. And it allows those analysts to focus and prioritize their efforts based on superior knowledge of the target system. This increased knowledge can result in more significant vulnerabilities being identified with a significantly lower degree of effort and can be a sensible way for analysts to better approximate certain advantages attackers have versus security professionals when assessing applications.

1.2 - And how does the payment work?

As I don't have any reputation on the forum, I will do the chosen service before getting the payment; the price will be discussed depending on which service you want.

1.3 - What's the payment method?

[+] Cryptocoins [bitcoins, ethereum, litecoins, monero...]
[+] OldSchool RuneScape Gold
[+] Other forms can be negotiated

1.4 - How is your service done?

Understanding the enemy is an essential component of a successful defense. There are five phases of a successful network penetration, which I will go through to find vulnerabilities and exploit them, if you allow me to.

Phase 1 - Reconnaissance

Reconnaissance is probably the longest phase. I will use a variety of sources to learn as much as possible about the target business and how it operates, including:

    [+] Internet searches
    [+] Social engineering
    [+] Dumpster diving
    [+] Domain name management/search services
    [+] Non-intrusive network scanning

The activities in this phase are not easy to defend against. Information about an organization finds its way to the Internet via various routes. Employees are often easily tricked into providing tidbits of information which, over time, build a complete picture of processes, organizational structure, and potential soft spots. However, there are some things you can do which make it much harder for an attacker, including:

    [+] Make sure your systems don't leak information to the Web, including:
        [+] Software versions and patch levels
        [+] Email addresses
        [+] Names and positions of key personnel
    [+] Ensure proper disposal of printed information
    [+] Provide generic contact information for domain name registration lookups
    [+] Prevent perimeter LAN/WAN devices from responding to scanning attempts

Phase 2 - Scanning

Once I get enough information to understand how the business works and what information of value might be available, the process of scanning perimeter and internal network devices for weaknesses begins, including:

    [+] Open ports
    [+] Open services
    [+] Vulnerable applications, including operating systems
    [+] Weak protection of data in transit
    [+] Make and model of each piece of LAN/WAN equipment

Scans of perimeter and internal devices can often be detected with intrusion detection (IDS) or prevention (IPS) solutions, but not always. I know ways around these controls. In any case, some steps you can take to thwart scans include:

    [+] Shutting down all unneeded ports and services
    [+] Allow critical devices, or devices housing or processing sensitive information, to respond only to approved devices
    [+] Closely manage system design, resisting attempts to allow direct external access to servers except under special circumstances and constrained by end-to-end rules defined in access control lists
    [+] Maintain proper patch levels on endpoint and LAN/WAN systems

Phase 3 - Gaining Access

Gaining access to resources is the whole point of a modern-day attack.  The usual goal is to either extract information of value to the attacker or use the network as a launch site for attacks against other targets.  In either situation, the attacker must gain some level of access to one or more network devices.

In addition to the defensive steps described above, security managers should make every effort to ensure end-user devices and servers are not easily accessible by unauthenticated users.  This includes denying local administrator access to business users and closely monitoring domain and local admin access to servers.  Further, physical security controls should detect attempts at a hands-on attack, and delay an intruder long enough to allow effective internal or external human response (i.e., security guards or law enforcement).

Finally, encrypt highly sensitive information and protect keys.  Even if network security is weak, scrambling information and denying attacker access to encryption keys is a good final defense when all other controls fail.  But don't rely on encryption alone.  There are other risks due to weak security, such as system unavailability or use of your network in the commission of a crime.

Phase 4 - Maintaining Access

Having gained access, an attacker must maintain access long enough to accomplish his or her objectives.  Although an attacker reaching this phase has successfully circumvented your security controls, this phase can increase the attacker's vulnerability to detection.

In addition to using IDS and IPS devices to detect intrusions, you can also use them to detect extrusions.  A short list of intrusion/extrusion detection methods, described in Chapter 3 - Extrusion Detection Illustrated (Extrusion Detection: Security Monitoring for Internal Intrusions, Richard Bejtlich, 2006), includes

    [+] Detect and filter file transfer content to external sites or internal devices
    [+] Prevent/detect direct session initiation between servers in your data center and networks/systems not under your control
    [+] Look for connections to odd ports or nonstandard protocols
    [+] Detect sessions of unusual duration, frequency, or amount of content
    [+] Detect anomalous network or server behavior, including traffic mix per time interval

Phase 5 - Covering Tracks

After achieving the objectives, the attacker typically takes steps to hide the intrusion and possible controls left behind for future visits.  Again, in addition to anti-malware, personal firewalls, and host-based IPS solutions, deny business users local administrator access to desktops.  Alert on any unusual activity, any activity not expected based on your knowledge of how the business works.  To make this work, the security and network teams must have at least as much knowledge of the network as the attacker has obtained during the attack process.

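The Phase 4 list above (odd ports or protocols, server-initiated sessions to networks you don't control, unusual duration, frequency or volume) can be turned into a first-pass extrusion check over flow records. The following is an added example, not code from the post or from Bejtlich's book; the subnets, thresholds, approved egress ports and sample flows are all constructed assumptions.

```python
"""Extrusion-detection pass over flow records (added example, not from the
post or Bejtlich's book). Encodes the Phase 4 heuristics: server-initiated
sessions to uncontrolled networks, odd ports/protocols, unusual duration,
volume or frequency. Subnets, thresholds and records are constructed."""
import ipaddress
from collections import Counter, namedtuple

DATACENTER = ipaddress.ip_network("10.20.0.0/16")                # assumed servers
CONTROLLED = [DATACENTER, ipaddress.ip_network("192.168.0.0/16")]  # assumed LANs
APPROVED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 123)}
MAX_DURATION_S, MAX_BYTES_OUT, MAX_SESSIONS_PER_PAIR = 3600, 50 * 1024 * 1024, 3

Flow = namedtuple("Flow", "src dst proto dport duration_s bytes_out")

def is_external(ip: str) -> bool:
    """True when the address is outside every network we control."""
    return not any(ipaddress.ip_address(ip) in net for net in CONTROLLED)

def flag_flow(f: Flow) -> list[str]:
    # Per-flow heuristics; returns the reasons tripped (empty if clean).
    if not is_external(f.dst):
        return []                       # internal-to-internal is out of scope
    reasons = []
    if ipaddress.ip_address(f.src) in DATACENTER:
        reasons.append("server-initiated session to uncontrolled network")
    if (f.proto, f.dport) not in APPROVED_EGRESS:
        reasons.append(f"odd port/protocol {f.proto}/{f.dport}")
    if f.duration_s > MAX_DURATION_S:
        reasons.append(f"unusual duration {f.duration_s}s")
    if f.bytes_out > MAX_BYTES_OUT:
        reasons.append(f"unusual outbound volume {f.bytes_out} bytes")
    return reasons

def detect_extrusions(flows: list[Flow]) -> dict[tuple[str, str], list[str]]:
    """Collect per-flow reasons, then add a per-pair frequency (beaconing) check."""
    findings: dict[tuple[str, str], list[str]] = {}
    for f in flows:
        for r in flag_flow(f):
            findings.setdefault((f.src, f.dst), []).append(r)
    pairs = Counter((f.src, f.dst) for f in flows if is_external(f.dst))
    for pair, n in pairs.items():
        if n > MAX_SESSIONS_PER_PAIR:
            findings.setdefault(pair, []).append(f"unusual frequency: {n} sessions")
    return findings

# Constructed sample records; TEST-NET addresses stand in for the Internet.
SAMPLE_FLOWS = [
    Flow("10.20.1.5", "10.20.1.9", "tcp", 3306, 12, 40_000),            # internal DB
    Flow("192.168.5.20", "203.0.113.7", "tcp", 443, 30, 200_000),       # web browsing
    Flow("10.20.1.7", "198.51.100.9", "tcp", 4444, 7200, 80_000_000),   # server, odd
] + [Flow("192.168.5.21", "203.0.113.50", "tcp", 443, 1, 600) for _ in range(5)]
```

Running `detect_extrusions(SAMPLE_FLOWS)` reports the data-center server talking to an outside host on an odd port with excessive duration and volume, and the workstation whose five short sessions to one external host exceed the frequency threshold; the internal database query and ordinary browsing are left alone.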

Wow this is great, thanks for your contribution :)


Most of the thread is copy and pasted lol kinda sad

On 10/30/2017 at 1:48 AM, Tyler said:

Most of the thread is copy and pasted lol kinda sad

The entire thread is copied and pasted 

This coming from the same person who said "those free SSL certificates have a lot of vulnerabilities" :sweat:

