Vulnerability Assessment & Penetration Testing
A Vulnerability Assessment rapidly identifies weaknesses within your computing environment and provides actionable steps to protect your data. A Vulnerability Assessment will answer these questions: Are my computer patches up to date? Do I have systems with mis-configured settings? Do I have default passwords that are active? Are there undocumented devices on my network? What are the most critical items, and how do I resolve them? The value of a Vulnerability Assessment is the ability to rapidly determine how well your computing environment is protected against known weaknesses.
MRE Technology Solutions uses industry-standard scanning tools to quickly ascertain the state of your IT environment and present a prioritized list of remediation steps. We have expertise with a wide range of scanning tools, including Tenable’s Professional Nessus®, Qualys, Core Impact, Metasploit, Acunetix, and BurpSuite Pro.
The Vulnerability Assessment includes:
A Complete System Scan, including:
- Servers, Workstations, Mobile devices, LAN/WAN devices, VPN devices
- Web applications: Cross-Site Scripting (XSS), SQL injection, and Cross Site Request Forgery issues
- Wireless networks
A Risk-Rank For Each Finding
Critical, High, Medium, and Low vulnerabilities, using the Common Vulnerability Scoring System (CVSS).
Prioritized list of items for immediate, medium-term, or longer-term resolution.
Summary of findings, risk-ranking, and top-priorities.
Comprehensive list of findings by host with details for remediation.
Penetration Testing is the ‘acid-test’ for your security preparations and defenses. A Penetration Test attempts to break into your computing systems. It uses the same tools and techniques that the bad guys use. Simply stated, it illustrates what a skilled hacker could do to your system and then poses these critical questions: Can defenses be evaded? What systems can be broken into? What data can be accessed? Are my passwords strong enough? And, importantly, can I detect that an attack is taking place?
MRETEC uses professional tools and a standard methodology to perform Penetration Testing. Our tools include Core Impact Professional, Metasploit, Acunetix, and BurpSuite Pro. Our experience has shown that these professional tools allow rapid, repeatable, and safe exploitation.
The Penetration Testing methodology mimics the techniques that hackers use, including:
Identifies key information about a target, such as locations, applications and equipment being used, IP addresses, and links to partner sites. We also look for personnel information such as email and telephone contact information, biographies/resumes, social media updates, and personal interests.
Using the results of the Reconnaissance step, we perform a comprehensive network scan against the target’s computing assets to discover vulnerabilities.
Select Targets and Deploy Exploits
Using the Enumeration results, selected exploits are deployed against vulnerable targets.
Once an Exploit is successfully installed, some level of access is granted by a host; in many cases this will be ‘root’ access. Once Access is gained, we attempt to escalate the privilege level, as well as pivot from the compromised machine and target other hosts.
Hunt for Data
Once an Exploit is successfully installed, we ascertain what data are available on the compromised host. We look for documents, spreadsheets, databases, and download a sampling of each as evidence items. In addition, we attempt to download password hashes and crack the passwords with standard tools, dictionaries, and Rainbow Tables.
Although the bad guys don’t perform this step, we remove all exploits from compromised machines once the testing is finished.
- Executive Report: Summary of findings, systems that were compromised, and a sample of discovered data.
- Detailed Report: Comprehensive list of findings, hosts that were compromised and methods used, and all data that were discovered.
- Penetration Test Log: Detailed, item-by-item log of all steps taken during the test.
- Recommendations: Prioritized list of items for immediate, medium-term, or longer-term resolution.
As part of the Penetration Testing, MRE Technology Solutions can also perform Social Engineering attacks against your organization’s personnel. Social Engineering testing provides valuable insight into the effectiveness of your organization’s Security Awareness program and immediate feedback to end-users.
For a typical Social Engineering assignment, MRE Technology Solutions:
- Uses the information gathered during the Reconnaissance step; collects information about select personnel (memberships, interests, hobbies, social media info, etc.).
- Creates customized messages and performs “spear-phishing” email attacks against the selected users. The emails include malware, which, if clicked, will install an agent on the target’s computer.
- Leverages the installed agent to install a key-logger, browse for files, or look for other targets.
We include the findings of the Social Engineering testing into the overall Penetration Testing Report.