Internal / External Penetration Testing
Tampa Technologies is unmatched in its vulnerability and penetration testing. Our team of professional pen-testers use a combination of automated AI enhanced tools along with manual. We use proprietary as well as industry best of breed tools to gather information about the organization, domains, target systems, running applications, and services on each target device or in your organization’s network. The information available in the public domain, dark web, port scanning identification of services, operating system types, service version, and release numbers are gathered.
The first step of every penetration test begins with planning. During this phase, the rules of engagement are clearly identified and confirmed. These include the type of testing (white, gray, or black box), testing goals and the client’s preferences about notification and next steps when an exploitable vulnerability is found. Finally, management approval to begin testing is documented via a waiver and network information is shared as determined by the type of testing.
The Attack phase includes attempts to exploit found vulnerabilities to gain system access and sensitive information. Various techniques will be used, including but not limited to manual techniques and automated tools. Tampa Technologies will take precautions against disruption, including a planning call in the Planning phase to clearly identify expectations, rules of engagement, and systems’ identification to exclude from testing. During the planning, the client also reserves the right to require the approval of any attempted exploitation of systems/services prior to any attempts by Tampa Technologies personnel. Any critical vulnerabilities are immediately brought to your attention, so they may be remediated.
Tools and resources used during the external penetration test include, but are not limited to, the following:
▪ Nessus ▪ BurpSuite ▪ NMAP ▪ Hashcat ▪ Metasploit Framework ▪ Hydra ▪ Nikto ▪ Dirbuster ▪ The harvester ▪ Sqlmap ▪ Proprietary Tools
Penetration Testing Discovery involves both Passive and Active Information Gathering:
Passive Information Gathering (OSINT)
While performing reconnaissance of targets in scope, we search for publicly available information using sources:
|
|
Active Information Gathering
The Active Information Gathering Phase is where the public-facing systems for your organization will be tested using various manual methods and commercial scanning tools to form the foundation for the attack phase. During the active information-gathering phase, Tampa Technologies will perform discovery and probing of targets in scope with the following technical activities:
|
|
Upon completion, Tampa Technologies will provide an Executive Report and a Technical report that summarizes the testing results for each vulnerability with any information exploited, potential disruptions that could be executed, and any suggested remediation or mitigation techniques.
Deliverables: