External Pentest
Note: This External Pentest section is in progress.
External Pentest Methodology
- An external pentest is an attempt to hack into a client’s network from an external location outside of the network.
- You take on the role of an external threat but your goal is only to break into the network and discover vulerabilities.
- This doesn’t mean pwning anyone. All you have to do is find all of the vulnerabilities, put them into a report and present them to the client.
The Process
- Information gathering
- Open Source intelligence
Steps
- Collect and organize all of the information about employees.
- Guess and discover passwords and their format.
- Find passwords that have been used before.
- Break into email accounts, VPN accounts and the network.
- Bypass protections, security, multi-factor, 2FA, etc.
- Once you’re on the network you need to elevate permissions.
Goals
- Try keeping the mindset that you’re hacker and you want hack into the network to get sensitive information.
- To be successful you must completely understand the attack methodology of an external pentest.
- You must have a strong skillset, good client relations, understand the rules of engagement and report writing.