External Penetration Testing
An external penetration test simulates the actions of an attacker trying to breach an internal network without any internal resources or prior knowledge. Our Security engineer collects sensitive information using open-source intelligence (OSINT), such as employee details and historically breached passwords, which can be used to target external systems and gain access to the internal network. Additionally, the engineer conducts scanning and enumeration to detect potential vulnerabilities that could be exploited to achieve network access.
Our Approach
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
Planning
Rules of engagement are obtained and customer goals are collected.
Discovery
To find potential weaknesses, exploits, and vulnerabilities, we do enumeration and scanning.
Attack
Verify possible weaknesses by exploiting them, and carry out more research after gaining new access.
Reporting
Document all discovered exploits and vulnerabilities, unsuccessful attempts, and the company's advantages and disadvantages.
Thorough Testing
Activities performed during external penetration testing include, but are not limited to:
- Vulnerability scanning and exploitation
- Social media intelligence gathering
- Enumerating third parties for data leaks (S3 Buckets, GitHub, etc.)
- Attacking login portals (Website, O365, VPN, etc.)
- Username and account enumeration
- Multi-Factor Authentication (MFA) bypassing
- Breached credential intelligence gathering
- Service, port, and website enumeration
- Other testing depending on specific customer content and footprint
Discover How We Can Protect Your Assets
Reach out to learn how Ouroboros Security can address your cybersecurity challenges. Call us, send an email, or complete the contact form below to begin securing your organization today.