Release: Version 1.1
In today's ever-evolving digital landscape, securing your organization's mobile,
web, and network assets is crucial to safeguarding sensitive information from
potential threats. Penetration testing serves as a vital component of
comprehensive cybersecurity strategies, enabling organizations to proactively
identify vulnerabilities and strengthen their defenses. This document outlines
Hacken's approach for multi-cloud, mobile, web, and network penetration
testing, providing a clear understanding of the benefits and outcomes these
assessments aim to achieve.
During the information security assessment, the Hacken team focuses on the
following goals and objectives:
Your cloud-based infrastructure acts as the backbone supporting your digital
operations. Our approach applies to the most popular cloud infrastructure
platforms such as GCP, AWS, Azure and others. With a combination of
automated tools for reviewing the environment's static configuration with
read-only access, manual testing and focus on proof of concept for each
potential attack vector from the perspective of an attacker who obtained an
initial foothold to your platform. Beginning with automated tools that
meticulously review the static configuration of your cloud infrastructure
platforms. By analyzing these settings with read-only access, we identify any
potential misconfigurations or security gaps, providing valuable insights into
your overall security posture.
Then the Hacken team conducts manual testing, leaving no stone unturned as
they probe your cloud environments. With a focus on common vulnerabilities
and emerging threats specific to cloud platforms, we identify weaknesses such
as misconfigured access controls, insecure API endpoints, and inadequate
encryption practices. Through this meticulous approach, we ensure
comprehensive coverage and uncover potential attack vectors that could
compromise your cloud security.
Throughout the penetration testing process, we prioritize the proof of concept
for each identified vulnerability. By simulating real-world attack scenarios, we
provide tangible evidence of the potential impact and consequences of an
exploited vulnerability. This allows you to fully comprehend the severity of the
risks and make informed decisions to effectively mitigate them. By fortifying the
resilience of your cloud-based infrastructure, our Multi-Cloud Penetration
Testing methodology ensures the protection of your organization's sensitive
data, applications, and services. We proactively identify and address security
weaknesses, minimizing the likelihood of successful attacks and safeguarding
your business operations.
Your web applications are the face of your organization, serving as the primary
channel for interacting with customers and conducting business. However, with
the rise of sophisticated cyber threats, your web applications are increasingly
vulnerable to attacks. Our Penetration Testing methodology is tailored to
scrutinize the security posture of your web applications, leaving no stone
unturned. Our team of ethical hackers expertly probes your web applications,
meticulously identifying vulnerabilities such as cross-site scripting XSS, SQL
injection, and session hijacking. By addressing these weaknesses, we ensure
that your web applications remain resilient against malicious exploitation,
securing your digital presence and safeguarding your organization's reputation.
In the age of mobile dominance, the security of your mobile applications is
non-negotiable. With the exponential growth of mobile usage, your mobile
applications act as gateways to your organization's critical data. Our Penetration
Testing services aim to identify vulnerabilities in your mobile applications and
assess their susceptibility to attacks. By simulating real-world scenarios, our
skilled team of experts meticulously assesses your mobile apps, ensuring they
meet the highest security standards. Our methodology covers both Android and
iOS platforms, guaranteeing that your applications are fortified against potential
exploits, data leaks, and unauthorized access.
The backbone of your organization's IT infrastructure, your network, requires
vigilant protection against threats that could compromise its integrity. Our
Network Penetration Testing services are designed to assess the robustness of
your network architecture, identifying vulnerabilities that could be exploited to
gain unauthorized access. Our experienced team performs comprehensive
testing, examining cloud and on-premise network devices, firewalls, routers, and
switches, to evaluate their resilience against attacks. By deploying cutting-edge
methodologies, we strengthen your network security, ensuring your critical
assets are shielded from unauthorized access, data breaches, and network
intrusions.
Our Security Assessment approach grow out from the combination of industry
recognized best practises and highest team members individual skills
| # | Team Member and Role | Components to review |
|---|---|---|
| 1 | Lead Penetration Tester | ● Project planning and executing● Penetration Testing● Identify security and business risks for application● Preparing artifacts and deliverables● Results Presentation |
| 2 | Penetration Tester | ● Penetration Testing● Identify security and business risks for infrastructure |
| 3 | Delivery Manager | ● Customer communication● Project delivery and quality control |
The Hacken team utilizes automated tools along with manual methods to
identify security vulnerabilities and perform tests to actively exploit them in a
non-harmful manner. It's important to note that the choice of tool depends
largely on the specific needs of the pen test.
The below list only scratches the surface of the variety of tools available to
penetration testers. Depending on the specifics of a test, the scope of the
project and the technological details of the target, a wide range of other
specialized tools may also be used. From open source scripts to commercial
tools, the field of penetration testing is dynamic and rapidly evolving, always
adapting to meet the challenges posed by the ever-changing landscape of
cybersecurity.
| Tool Name | Description | Applicable Stages |
|---|---|---|
| Kali Linux | A free and open-source Linux-based operating system that's often used by cybersecurity professionals for various forms of penetration testing, ethical hacking, and network security assessments. It's developed, maintained, and funded by Offensive Security, a provider of information security training and penetration testing services. | All-stages Tool |
| Metasploit | An exploitation framework used to compile and execute exploit code against vulnerable systems | All-stages Tool |
| HashCat | is a well-known password cracking tool that's favored for its versatility and speed. It's an open-source tool often used by penetration testers and cybersecurity professionals to recover (or "crack") a variety of hashed passwords. | ● Exploitation |
| BloodHound | an open-source tool that uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment | ● Vulnerability Identification● Attack Surface Analysis● Enumeration |
| Tool Name | Description | Applicable Stages |
|---|---|---|
| ScoutSuite | An open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. | ● Whitebox Enumeration● Vulnerability Identification |
| CloudFox | An open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. | ● Whitebox Enumeration |
| awspx | A graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine what actions affect which resources, while taking into account how these actions may be combined to produce attack paths. | ● Whitebox Enumeration |
| cloud_enum | A multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. | ● Whitebox Enumeration |
| AzureHound | The BloodHound data collector for Microsoft Azure. | ● Whitebox Enumeration |
| Powler | An open source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. | ● Whitebox Enumeration |
| MicroBurst | An open source security tool includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. | ● Whitebox Enumeration● Vulnerability Identification |
| AWS pwn | A collection of pre-written scripts for performing various tasks related to penetration testing AWS. | ● Whitebox Enumeration● Vulnerability Identification |
| Tool Name | Description | Applicable Stages |
|---|---|---|
| Burp Suite Pro | A leading toolkit for web security testing. Developed by PortSwigger, this software provides a platform for performing security testing of web applications. It is used by penetration testers, cybersecurity professionals, and ethical hackers to identify potential vulnerabilities in web applications. | ● Vulnerability Identification● Attack Surface Analysis● Penetration And Exploitation |
| Nuclei | An open-source project that provides fast and customizable vulnerability scanning based on templated workflows. It's commonly used in penetration testing and bug bounty hunting. Developed by the team at ProjectDiscovery.io, Nuclei is designed to be highly flexible and can be tailored to work with a wide variety of network protocols and infrastructure. | ● Vulnerability Identification |
| ffuf | An open-source, fast web fuzzer written in Go. A fuzzer is a tool used in testing and it works by feeding a wide range of inputs into a program to see if any of them cause it to behave in an unexpected or unintended way | ● Penetration And Exploitation |
| SQLMap | is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. | ● Vulnerability Identification● Exploitation |
| TmplMap | is a tool that automates the process of detecting and exploiting Server-side Template Injection vulnerabilities SSTI. | ● Vulnerability Identification● Exploitation |
| SSRFMap | is an open-source penetration testing tool used to automate the process of detecting and exploiting SSRF vulnerabilities | ● Vulnerability Identification● Exploitation |
| Acunetix | A web vulnerability scanner designed to identify security issues in web applications. Developed by Acunetix Ltd., it's primarily used by security analysts and developers to scan websites and web applications for potential vulnerabilities such as SQL Injection, Cross-Site Scripting XSS, Cross-Site Request Forgery CSRF, and others. | ● Vulnerability Identification |
| WPscan, JoomScan, DroopeScan | The open-source common CMS security testing tools. | ● Vulnerability Identification |
| Tool Name | Description | Applicable Stages |
|---|---|---|
| MobSF | is an open-source, automated mobile app security testing framework. It is designed to help security researchers, developers, and penetration testers assess the security of mobile applications on various platforms, including Android and iOS. | ● Penetration And Exploitation● Attack Surface Analysis |
| Objection | is an open-source runtime mobile exploration framework developed by SensePost. It is designed to assist security researchers and mobile app developers in analyzing and manipulating the behavior of Android and iOS apps during runtime. | ● Penetration And Exploitation● Attack Surface Analysis |
| Frida | is a free and open source dynamic code instrumentation toolkit written by Ole André Vadla Ravnås that works by injecting the JavaScript engine (previously and ) into the instrumented process. Frida lets you execute snippets of JavaScript into native apps on Android and iOS (as well as on ). | ● Penetration And Exploitation● Attack Surface Analysis |
| Passionfruit | is an open-source iOS application analysis tool developed by the team at the University of California, Santa Barbara UCSB. It is designed to assist security researchers and developers in analyzing the runtime behavior of iOS applications and identifying potential security issues. | ● Attack Surface Analysis● Vulnerability Identification● Enumeration |
| SSL Kill Switch 2 | Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS | ● Exploitation |
| Tool Name | Description | Applicable Stages |
|---|---|---|
| Nmap | An open-source port scanner and service enumeration tool used for mapping networks, systems, and services. | - Enumeration |
| Nessus | is a remote security scanning tool that scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. | - Enumeration- Information Gathering- Attack Surface Analysis |
| amass | A powerful open-source tool used for information gathering, specifically for discovering subdomains associated with a given domain. It was developed by OWASP Open Web Application Security Project), a well-known nonprofit that works to improve the security of software. | - Information Gathering |
| CloudEnum | CloudEnum is an open-source tool developed by Chris Moberly, a researcher from the Australian security company Assetnote. The tool is designed to help penetration testers and security researchers enumerate publicly exposed cloud resources. | - Enumeration- Attack Surface Analysis |
| MicroBurst | A collection of PowerShell scripts that are used for assessing and exploiting security vulnerabilities in Microsoft's Azure cloud. These scripts were developed by NetSPI, a security consulting company. | - Penetration And Exploitation- Enumeration |
| CredMaster | An open-source util for password spray attack via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays. | - Penetration And Exploitation |
| Wireshark | is a widely-used, open-source network protocol analyzer and packet capture tool. It allows users to analyze network traffic in real-time and examine captured packets to understand and troubleshoot network issues. | - Enumeration |
| Impacket | is an open-source collection of Python classes developed by SecureAuth Corporation for working with network protocols. Impacket is highly effective when dealing with Windows systems, given its focus on Microsoft's SMB Server Message Block), MSRPC Microsoft Remote Procedure Call), and other protocols. | - Penetration And Exploitation- Pivot- Privilege Escalation |
| Rubeus | is a sophisticated tool used by penetration testers and red teamers to interact with Microsoft's Kerberos protocol. | - Penetration And Exploitation- Pivot- Privilege Escalation |
| CrackMapExec | often abbreviated as CME, is a popular open-source tool in the cybersecurity community. It's used for testing the security of Microsoft's Active Directory environments and is widely used by penetration testers and red teamers during the reconnaissance phase of an operation | - Penetration And Exploitation- Pivot- Privilege Escalation |
The severity level (criticality level) of each vulnerability is determined based on
the exploitation difficulty and the access level to an enterprise or end-user
information system an attacker can gain in case of successful exploitation. The
lower the exploitation difficulty level and the higher the access level which an
attacker can get, the higher the vulnerability severity level will be. The matrix
below illustrates the general methodology followed for identifying the severity
level of each finding:
To be the CVSS Compliant Hacken Team utilizes the Common Vulnerability
Scoring System CVSS values for each level of vulnerability, such a solution will
help prioritize the fixing vulnerabilities approach and make the results of the
Security Assessment more objective.
The table below fully describes each level of vulnerabilities and ties to CVSS
| Severity | CVSS | Description |
|---|---|---|
| Informational | This level refers to vulnerabilities that do not pose an immediate security risk or require exploitation. Instead, they provide valuable information or insights about the system's configuration, weaknesses, or potential areas for improvement. While they may not directly lead to a security breach, addressing these informational vulnerabilities can contribute to overall security enhancements and proactive risk mitigation efforts. | |
| Low | CVSS 0.1 - 3.9 | This level encompasses vulnerabilities with a low exploitation difficulty and low level of access. These vulnerabilities pose a relatively lower risk to the system's security as they are easier to exploit and grant minimal access privileges to potential attackers. While they still require attention and remediation, their impact is limited due to the restricted level of access gained. |
| Medium | CVSS 4.0 - 6.9 | Vulnerabilities falling under this level have a moderate exploitation difficulty but the access level which can be gained by the attacker is greater compared to low-level vulnerabilities. They represent a medium level of risk to the system's security. Although they may be more challenging to exploit compared to low-level vulnerabilities, they still do not pose an immediate and severe threat. Appropriate measures should be taken to address these vulnerabilities promptly to prevent potential exploitation. |
| High | CVSS 7.0 - 8.9 | Vulnerabilities categorized as high-level vulnerabilities have a low exploitation difficulty and grant a higher access level for the attacker in case of successful exploitation. These vulnerabilities pose a significant risk to the system's security and require immediate attention. While they may be more challenging to exploit, their potential impact is substantial. Timely remediation and mitigation measures should be implemented to address these vulnerabilities effectively. |
| Critical | CVSS 9.0 - 10.0 | This level encompasses vulnerabilities with a low exploitation difficulty but the highest access level granted to the attacker in case of successful exploitation. These vulnerabilities are considered critical and pose the most severe threat to the system's security. Immediate action should be taken to remediate and address these vulnerabilities to prevent potential unauthorized access and significant security breaches. |
The main deliverable of the Security Assessment project is the Security
Assessment Report including:
The conducted Security Assessment is valid on the date of the report
submission. The description of findings, recommendations, and risks was valid
on the date of submission of the report. Any projection to the future of the
report's information is subject to risk due to changes in the Infrastructure
architecture, and it may no longer reflect its logic and controls.
