Penetration Test

Service Overview

A Penetration Test exposes weaknesses in systems or network services and demonstrates how an adversary may exploit weaknesses to move through the network and gain access to target systems or data. The test includes exploitation of vulnerabilities, username and password discovery, lateral movement between systems inside and outside of the target environment, and pivoting through compromised hosts. The test exposes security flaws that vulnerability assessments do not usually detect.

Service Methodology

Prior to the test, Secureworks will schedule an initial meeting to establish rules of engagement, level of effort, scope, risk acceptance, remote testing appliance (RTA) requirements, reporting requirements, test timelines, and schedules.

The Secureworks approach to advanced network security testing is based on an internally developed methodology, derived from industry best practices and extensive security testing experience. Secureworks works closely with you to determine in-scope and out-of-scope targets. Listed below are components of the test.

Outcome

Presentation of findings and deliverables compiled by Secureworks will be provided to you in the form of a report. The report will include the following:

Scope and Service Units

Penetration Test - Internal

| Scope | Description | Service Units |
|---|---|---|
| Small | Up to 50 internal IP addresses. IP addresses for the test must be all internal; otherwise, separate work effort is required. | 8. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
| Medium | Up to 250 internal IP addresses. IP addresses for the test must be all internal; otherwise, separate work effort is required. | 16. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
| Large | Up to 500 internal IP addresses. IP addresses for the test must be all internal; otherwise, separate work effort is required. | 24. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |

Penetration Test - External

| Scope | Description | Service Units |
|---|---|---|
| Small | Up to 50 external IP addresses. IP addresses for the test must be all external; otherwise, separate work effort is required. | 8. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
| Medium | Up to 250 external IP addresses. IP addresses for the test must be all external; otherwise, separate work effort is required. | 16. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
| Large | Up to 500 external IP addresses. IP addresses for the test must be all external; otherwise, separate work effort is required. | 24. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |

Phishing Add-On

| Scope | Description | Service Units |
|---|---|---|
| Small — Click and Log | Up to 100 email addresses and 2 campaigns | 16 |
| Medium — Click and Log | Up to 500 email addresses and 4 campaigns | 24 |
| Small — Credentials Capture | Up to 100 email addresses and 2 campaigns | 16 |
| Medium — Credentials Capture | Up to 500 email addresses and 4 campaigns | 24 |
| Endpoint Compromise | 4 payloads executed in a controlled environment | 24 |

Limitations for Phishing

You agree to allow access for the phishing sending domain (do not block it using mitigating technologies) or the phishing engagement cannot be completed.

Above-listed service units are for standard templates that Secureworks uses (only available in English). Any template customizations or additional languages will incur additional service units.

Additional Threat Models

The Secureworks Adversary Group delivers industry-leading, goal-based penetration testing. While the above-listed standard tests are designed to emulate common threat models (external threat actor, threat actor with internal network access, etc.), additional, more-specific threat models are also available. Below are some common threat models we have used with many of our customers.

| Test | Threat Model | Service Units |
|---|---|---|
| Cloud | A cloud-focused penetration test for medium/large cloud deployments; can include credentialed testing, Azure AD, and a simulation of "What would happen if an attacker obtained access to my cloud environment?" | 8 for unauthenticated cloud testing. 16 for authenticated cloud testing (assumed breach). |
| Hardware | An adversarial test for custom hardware platforms; can include activities such as firmware dumping and analysis, boot security tampering, JTAG access, and network (wired, wireless, Bluetooth, etc.) attacks | Starts at 16 for each unique device; includes testing firmware, wireless, board I/O, and network. Additional Service Units may be required if the device is complex or needs additional testing. Note: Requires multiple clones of the same hardware to be sent to Secureworks. |
| Lost Laptop | Starts with a corporate-issued laptop image; the Secureworks Adversary Group works to compromise the device and any sensitive information on it; testing can include activities such as BitLocker / Full-Disk Encryption bypassing, cold-boot memory attacks, QuickCreds attacks, USB HID, and image configuration abuse | 8 for each unique laptop image. Note: Requires an imaged laptop to be sent to Secureworks. |
| Car / Automotive | Testing includes CAN bus, OBD-II dongle analysis, capture / replay attacks, fuzzing, packet creation, etc. | Starts at 8 |
| Medical Device | An adversarial test conducted on medical devices to discover methods for compromising the device or extracting sensitive patient data from the device | Secureworks Adversary Group will assist with determining the scope and required service units |

Scheduling and Booking Information

See Service Scheduling for information about scheduling this service.

 
