Chapter 2. Assessment Workflow and Tools

This chapter outlines my penetration testing approach and describes an effective testing setup. Many assessment tools run on Linux platforms, and Windows-specific utilities are required when attacking Microsoft systems. A flexible, virtualized platform is key. At Matta, we ran a program called Sentinel, through which we evaluated third-party testing vendors for clients in the financial services sector. Each vendor was ranked based on the vulnerabilities identified within the systems we had prepared. In a single test involving 10 vendors, we found that:

  • Two failed to scan all 65,536 TCP ports

  • Five failed to report the MySQL service root password of “password”
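
The two findings above translate into two concrete checks a tester can script: a TCP sweep that really covers every port rather than a default "top ports" list, and a login attempt against any MySQL service found using the weak root password the vendors missed. The following is an added example written for this page; it is not code from the book or from the Sentinel program. It connect-scans the full port range with a thread pool and speaks enough of the MySQL client/server protocol to send a mysql_native_password login as root with the password "password". The target host, the `constructed_handshake()` packet used for offline checks, and all helper names are assumptions for illustration.

```python
import hashlib
import socket
import struct
import sys
from concurrent.futures import ThreadPoolExecutor

CLIENT_PROTOCOL_41 = 0x00000200        # MySQL client/server capability flags
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000

def tcp_port_open(host, port, timeout=0.5):
    """True when a full TCP handshake completes on host:port (connect scan)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def sweep(host, ports=range(1, 65536), workers=200, timeout=0.5):
    """Connect-scan every port in `ports` (default 1-65535, the range nmap's -p- covers)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = pool.map(lambda p: (p, tcp_port_open(host, p, timeout)), ports)
        return sorted(p for p, is_open in hits if is_open)

def start_local_listener():
    """Bind a throwaway listener on 127.0.0.1 (ephemeral port) so an offline run has an open port to find."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def read_packet(sock):
    """Read one MySQL packet: 3-byte little-endian length, 1-byte sequence id, then the body."""
    def exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("connection closed mid-packet")
            buf += chunk
        return buf
    header = exact(4)
    return header + exact(int.from_bytes(header[:3], "little"))

def parse_handshake(packet):
    """Parse a protocol-v10 Initial Handshake: version, capabilities, 20-byte salt, auth plugin."""
    body = packet[4:4 + int.from_bytes(packet[:3], "little")]
    if body[0] != 0x0A:
        raise ValueError("not a protocol v10 handshake")
    end = body.index(b"\x00", 1)
    version, pos = body[1:end].decode(), end + 1
    conn_id = struct.unpack_from("<I", body, pos)[0]
    salt, pos = body[pos + 4:pos + 12], pos + 13            # 4-byte id, 8 salt bytes, 1 filler byte
    cap_lo, charset, status, cap_hi = struct.unpack_from("<HBHH", body, pos)
    caps, pos = cap_lo | (cap_hi << 16), pos + 7
    plugin_data_len = body[pos] if caps & CLIENT_PLUGIN_AUTH else 0
    pos += 11                                                # length byte + 10 reserved bytes
    if caps & CLIENT_SECURE_CONNECTION:
        part2 = max(13, plugin_data_len - 8)
        salt += body[pos:pos + part2 - 1]                    # salt part 2 minus its trailing NUL
        pos += part2
    plugin = body[pos:body.index(b"\x00", pos)] if caps & CLIENT_PLUGIN_AUTH else b""
    return {"version": version, "connection_id": conn_id, "capabilities": caps,
            "charset": charset, "status": status, "salt": salt, "plugin": plugin.decode()}

def native_password_response(password, salt):
    """mysql_native_password: SHA1(pw) XOR SHA1(salt || SHA1(SHA1(pw))); an empty password sends nothing."""
    if not password:
        return b""
    stage1 = hashlib.sha1(password).digest()
    mask = hashlib.sha1(salt + hashlib.sha1(stage1).digest()).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))

def build_login_packet(user, password, salt, plugin=b"mysql_native_password"):
    """HandshakeResponse41 (sequence id 1): caps, max packet size, utf8, 23 reserved bytes, user, auth, plugin."""
    caps = CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
    auth = native_password_response(password, salt)
    body = struct.pack("<IIB23x", caps, 16 * 1024 * 1024, 33)
    body += user + b"\x00" + bytes([len(auth)]) + auth + plugin + b"\x00"
    return len(body).to_bytes(3, "little") + b"\x01" + body

def constructed_handshake():
    """A constructed (not captured) server handshake for offline checks; the salt is 0x01..0x14."""
    salt = bytes(range(1, 21))
    caps = CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
    body = b"\x0a" + b"5.7.44-constructed\x00" + struct.pack("<I", 42) + salt[:8] + b"\x00"
    body += struct.pack("<HBHH", caps & 0xFFFF, 33, 2, caps >> 16) + bytes([21]) + b"\x00" * 10
    body += salt[8:] + b"\x00" + b"mysql_native_password\x00"
    return len(body).to_bytes(3, "little") + b"\x00" + body

def weak_password_accepted(host, port=3306, user=b"root", password=b"password", timeout=3.0):
    """Live login attempt. True only on an OK packet (0x00); 0xff is ERR. An AuthSwitchRequest (0xfe, e.g. caching_sha2_password accounts) is not followed and yields False."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_login_packet(user, password, parse_handshake(read_packet(s))["salt"]))
        reply = read_packet(s)
    return reply[4] == 0x00

if __name__ == "__main__":   # usage: python3 this_script.py <target>  (the target is an assumption)
    found = sweep(sys.argv[1])
    print("open TCP ports:", found, "| root/'password' accepted:", 3306 in found and weak_password_accepted(sys.argv[1]))
```

The sweep is the mechanical meaning of "all ports": every port number gets its own connection attempt, and the result can be diffed against the port list in a vendor's report. The MySQL check is a single credential attempt, not a brute force; it stops at the first server reply and does not follow an auth-switch request, so a False result against a MySQL 8 server whose root account uses caching_sha2_password means "not confirmed", not "rejected". Tune `workers` and `timeout` to the network; 200 threads and a 0.5 s timeout suit a LAN, not a lossy WAN link.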

Some vendors were evaluated more than once. There seemed to be little adherence to a strict testing methodology, and the test results (the final report) varied depending on the consultants involved.

During testing, it is important to remember that there is an entire methodology that you should be following. Engineers and consultants often venture down proverbial rabbit holes, and neglect key areas of the environment.

At the same time, it is important to identify significant vulnerabilities within a network quickly. As such, this methodology has two hallmarks:

  1. Comprehensiveness, so that you can consistently identify significant flaws

  2. Flexibility, so that you can prioritize your efforts and maximize return

Network Security Assessment Methodology

The best practice assessment ...
