A
In work package one, the test includes the “external perpetrator” scenario. This scenario is used to simulate a “classic” external hacker attack. An attacker attempts to gain access to systems and data from outside without any further information or access data. This work package identifies weaknesses such as the following:
- Use of outdated software
- Directory Bruteforce
- Missing rate limiting
- Use of insecure encryption methods
- Missing HTTP header
- Remote Code Execution
- Cross-site request forgery
- Disclosure of sensitive data
- Insecure default credentials
During the investigations in this work package, many different tools and manual techniques are used to identify vulnerabilities. This includes the following techniques and attacks:
- OSINT analysis
- Portscanning
- Vulnerability Identification
- Man-in-the-middle attacks on encrypted communication
- HTTP header analysis
- Bruteforce of login fields
- Authorization Testing
- Directory Enumeration
- Testing of default credentials
Social engineering methods, such as phishing, are not part of the attack. The aim of this work package is to answer the following questions in relation to the external systems:
- Can systems be used without authorization without valid access data?
- Can an attacker access confidential data?
- Is an attacker able to change data without authorization?
- Are the encryption techniques used up-to-date or can they be circumvented?
- Can the internal network be accessed via the target system?
- Can an attacker obtain higher authorizations?
- Can authentication mechanisms be bypassed?
- Is outdated software being used?
In this work package, attacks on the client’s internal network are simulated. This assumes an attacker model with unauthorized access to the internal company network. The aim of this work package is to gain access to internal services and systems and thus take over the internal network. Weak points such as the following can be identified:
- Use of outdated software
- Insecure default credentials
- Missing or inadequate encryption procedures
- Insecure router configuration
- Missing network separation
- Remote Code Execution
- Use of outdated protocols
- LLMNR Spoofing
- Use of NTLMv1 hashes
- Missing client isolation
- Information prizes
During this work package, different techniques and methods are used in the internal network. This can also be used to evaluate the logging of security incidents. During the test, these attacks, among others, are carried out:
- Portscanning
- Password spraying
- Golden/Silver Ticket
- LLMNR/NBT-NS/mDNS spoofing
- SMB relay attacks
- IDS and IPS Evasion
- Default Credentials
- Man-in-the-middle attacks on encrypted communication
- Authorization Testing
- HTTP header analysis
- Bruteforce of admin panels
- Bypass firewall filtering
Social engineering methods, such as phishing, are not part of the attack. The aim of this work package is to answer the following questions relating to internal systems and networks:
- Can network areas be accessed without firewall activation?
- Can systems be used without authorization without valid access data?
- Can an attacker access confidential data?
- Are encrypted connections used throughout the internal network?
- Can insecurely configured file shares be identified?
- Can external network areas be accessed via jump hosts?
- Can an attacker gain higher authorizations in the Active Directory?
- Can authentication mechanisms in the Actice Directory be bypassed?
- Is outdated software being used?
This work package simulates an attack by a “hacker” on a web application. In addition to attacks without authentication, attacks are also carried out which can only be carried out by authenticated users. The client therefore provides access data for each hierarchy level for this work package.
During such a penetration test of a web application, vulnerabilities such as the following can be identified:
- Stored/Reflected Cross-Site Scripting
- SQL injections
- Insecure Direct Object Referencing
- Template Injections
- NoSQL injections
- Authorization Bypass
- Unrestricted file upload
- Insecure HTTP headers
- Information prizes
- Directory Bruteforce
- Missing rate limiting
- Insecure encryption methods
- Business Logic Flaws
During the analysis of a web application, various methods and techniques are used to examine the application for vulnerabilities. Methods such as the following are used to search for vulnerabilities:
- Subdomain Enumeration
- Directory Bruteforcing
- Improper Access Management
- Rate limiting
- Injection Testing
- Testing of insecure server configurations
- Insecure Design Flaws
- Server-side request forgery attacks
- Broken Access Control
- Cryptographic Failures
No social engineering methods such as phishing are used when carrying out the security analysis of a web application. Furthermore, denial-of-service tests, which generate a high load on the server, are not used.
An external attacker tries to use the information you provide to gain malicious influence on the web application and attempts to detect and exploit security vulnerabilities. (If applicable: The different hierarchy levels are considered here. AWARE7 receives an access for each hierarchy level).
Identification of attack vectors and vulnerabilities as part of a legitimized role within the applications. In particular, the focus is on “insider threats”. The aim of this work package is to answer the following questions in full:
- Can data be accessed without authorization?
- Can requests be manipulated in the backend and thus reach background systems?
- Can the program flow of the web application be manipulated and controlled?
- Is it possible to manipulate database queries and thus access sensitive data?
- Is there confidential data on the web server that can be accessed?
- Is it possible to access other users’ data?
- Can the encryption techniques used be circumvented?
- Is it possible to gain access to the file system?
- Can an attacker gain unauthorized access?
- Is it possible to bypass the login and thus the authentication mechanisms?
