Network pentests attack the actual network devices such as firewalls, routers, printers, servers and workstations as well as users. In a network pentest, the objective for the HoganTaylor team is to break into a network and determine the amount of damage possible with the weaknesses found. Once an external device is compromised and gives access to the internal network, the HoganTaylor team will continue probing the internal network to determine just how far an intrusion can go.

HoganTaylor has a signature Three Phase Pentest. The three-phased test takes three to four weeks to complete and includes the following testing activities.

Phase 1

During phase 1, the HoganTaylor team is given the name of the company and an emergency contact. A HoganTaylor employee separate from the testing team will be the gatekeeper during phase 1. As the testing team identifies possible external devices within the scope of the attack, each one is validated to ensure the device is owned by the target and within the scope of the audit. This phase emulates a true external hacker.

Phase 2

During phase 2, the HoganTaylor team is given a list of target IP addresses and a brute force attack is started. This phase is a gray box test and more closely emulates an attack from someone who has a relationship with the target network, such as a vendor or customer.

During phase 2, social engineering testing is also started. This is designed to test the human component and awareness of security. An attempt to gain access to the target network will be made by sending realistic-looking emails to employees to trick someone into revealing information that can be used to attack systems or networks. This type of attack will put your employees’ information security training to the test. When a social engineering element is added to a pentest, it provides a look into how your staff will respond that can’t be foreseen with a survey or training quiz. More importantly, it gives the organization a better understanding of what could happen if they are not careful and guarded with the access with which they have been entrusted. There is a saying in the Navy that goes back to World War II: “Loose lips sink ships,” but until it is made real to people, they will not understand the saying and its consequences.

Phase 3

During phase 3, the HoganTaylor team is allowed to see any platform/configuration documentation necessary and ask relevant questions of the network administrators or management to complete the engagement. This phase is important to ensure all of the devices within the scope of the engagement have been tested.

The Benefits of Our Three-Phase Methodology

By using the three-phased methodology, HoganTaylor can show what level of compromise could be achieved by each of the vantage points discussed above.

In the final report, HoganTaylor will list and discuss all vulnerabilities found, the extent to which those vulnerabilities were exploited, and the extent to which those vulnerabilities can be expected to be exploited in the real world. In the report, a complete list of methods and tools used for the test will be provided, as well as discussion about each method or tool’s usefulness and functionality as it pertains to weakening or defeating your network defenses.

Your Attack & Penetration Services Team

The Network Attack and Penetration team consists of certified professionals with extensive TCP/IP, networking, and OS knowledge; advanced knowledge of network and system vulnerabilities and exploits; and knowledge of techniques to evade security detection. Our personnel have backgrounds in conducting assessments for the Department of Defense, law enforcement, and the private sector.