Penetration Test
Service Overview
A Penetration Test exposes weaknesses in systems or network services and demonstrates how an adversary may exploit weaknesses to move through the network and gain access to target systems or data. The test includes exploitation of vulnerabilities, username and password discovery, lateral movement between systems inside and outside of the target environment, and pivoting through compromised hosts. The test exposes security flaws that vulnerability assessments do not usually detect.
Service Methodology
Prior to the test, Secureworks will schedule an initial meeting to establish rules of engagement, level of effort, scope, risk acceptance, remote testing appliance (RTA) requirements, reporting requirements, test timelines, and schedules.
The Secureworks approach to advanced network security testing is based on an internally developed methodology, derived from industry best practices and extensive security testing experience. Secureworks works closely with you to determine in-scope and out-of-scope targets. Listed below are components of the test.
- Network Discovery: Secureworks performs port scans of IP ranges you provide to identify live hosts. This test includes activities such as scanning a range of IP addresses to identify top transmission control protocol (TCP) ports in use and identifying specific applications and potential version information through banner grabbing. For external tests, scan data is delivered after the test is complete, detailing live hosts and top open ports. Port-scan data is not included with internal test reports.
- Open Network Services Enumeration: Secureworks interrogates network services to determine additional information about your network that could lead to compromise.
- Open Network Services Exploitation: Secureworks will use information from "Open Network Services Enumeration" to attempt to compromise network services. Examples of techniques used include brute-forcing of password-protected, network-based services; authentication bypass of vulnerable network services; exploiting outdated vulnerable services using public exploits; and identifying and exploiting network backdoors.
- Post Exploitation and Lateral Movement: Secureworks will attempt to identify compromise vectors for your wider network and domain infrastructure.
- Remediation validation will be conducted for only the high- and critical-severity findings.
Outcome
Presentation of findings and deliverables compiled by Secureworks will be provided to you in the form of a report. The report will include the following:
- Executive summary
- Methods, detailed findings, narratives, and recommendations, if any
- Attachments as needed for relevant details and supporting data
Scope and Service Units
Penetration Test - Internal
Scope | Description | Service Units |
---|---|---|
Small | Up to 50 internal IP addresses. IP addresses for the test must be all internal; otherwise, separate work effort is required. | 8. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
Medium | Up to 250 internal IP addresses. IP addresses for the test must be all internal; otherwise, separate work effort is required. | 16. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
Large | Up to 500 internal IP addresses. IP addresses for the test must be all internal; otherwise, separate work effort is required. | 24. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
Penetration Test - External
Scope | Description | Service Units |
---|---|---|
Small | Up to 50 external IP addresses. IP addresses for the test must be all external; otherwise, separate work effort is required. | 8. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
Medium | Up to 250 external IP addresses. IP addresses for the test must be all external; otherwise, separate work effort is required. | 16. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
Large | Up to 500 external IP addresses. IP addresses for the test must be all external; otherwise, separate work effort is required. | 24. Work is conducted during business hours of the Secureworks consultant. After-hours feature is available for an additional 8 Service Units. |
Phishing Add-On
Scope | Description | Service Units |
---|---|---|
Small — Click and Log | Up to 100 email addresses and 2 campaigns | 16 |
Medium — Click and Log | Up to 500 email addresses and 4 campaigns | 24 |
Small — Credentials Capture | Up to 100 email addresses and 2 campaigns | 16 |
Medium — Credentials Capture | Up to 500 email addresses and 4 campaigns | 24 |
Endpoint Compromise | 4 payloads executed in a controlled environment | 24 |
Limitations for Phishing
You agree to allow access for the phishing sending domain (do not block it using mitigating technologies); otherwise, the phishing engagement cannot be completed.
Above-listed service units are for standard templates that Secureworks uses (only available in English). Any template customizations or additional languages will incur additional service units.
Additional Threat Models
The Secureworks Adversary Group delivers industry-leading, goal-based penetration testing. While the above-listed standard tests are designed to emulate common threat models (external threat actor, threat actor with internal network access, etc.), additional, more-specific threat models are also available. Below are some common threat models we have used with many of our customers.
Test | Threat Model | Service Units |
---|---|---|
Cloud | A cloud-focused penetration test for medium/large cloud deployments; can include credentialed testing, AzureAD, and a simulation of "What would happen if an attacker obtained access to my cloud environment?" | |
Hardware | An adversarial test for custom hardware platforms; can include activities such as firmware dumping and analysis, boot security tampering, JTAG access, and network (wired, wireless, Bluetooth, etc.) attacks | |
Lost Laptop | Starts with a corporate-issued laptop image; the Secureworks Adversary Group works to compromise the device and any sensitive information on it; testing can include activities such as BitLocker / Full-Disk Encryption bypassing, cold-boot memory attacks, QuickCreds attacks, USB HID, and image configuration abuse | |
Car / Automotive | Testing includes CAN bus, OBD-II dongle analysis, capture / replay attacks, fuzzing, packet creation, etc. | |
Medical Device | An adversarial test conducted on medical devices to discover methods for compromising the device or extracting sensitive patient data from the device | |