Ethical Hacking

Our Black Box Penetration Test (Ethical Hacking Service) cycle walks through a series of tasks specially designed to identify vulnerabilities in assets exposed to the public domain. Each step is the result of careful and meticulous research and follows a proven methodology. Every stage of the methodology generates an output that may serve as a piece of information for individual reporting or as input for a subsequent task.

 

The Bhaved Solutions Black Box Penetration Test (Ethical Hacking Service) methodology comprises four phases.

 

Phase 1: Enumeration

 

Network Surveying:

This step involves gathering Client information pertaining to the public domain through web sites, mail servers, public records and databases. This allows the team to discover and enumerate the target systems to be tested.

 

Port Scanning:

 

Port scanning is the process of probing system ports on the transport and network level of the target systems. Port scanning is used to enumerate live or accessible Internet services. Here, the scan is run in various modes such as connect, SYN, FIN, Xmas, Null, UDP, and FTP Bounce to identify the operating system, version and lists of services running on a target host.

 

System Fingerprinting:

 

System fingerprinting is the process of probing target systems to confirm host operating systems and version levels. This process also gathers other explicit and implicit information about target systems.

 

Router ACL, Firewall Testing:

This step involves using different methods to discover the routers and firewalls (from default ports, IP stack and TCP/IP fingerprinting). The Bhaved Solutions team will also use various techniques and tools to attempt to penetrate the firewall and reach target hosts.

 

Phase 2: Vulnerability Discovery

 

In this phase, the Bhaved Solutions Penetration Test team identifies, understands and verifies the weaknesses, misconfigurations and vulnerabilities of target hosts and maps the profile of the environment with the information gathered. This task involves:

•  Running vulnerability assessment tools against target hosts

•  Discovery and enumeration of the vulnerabilities of target hosts

•  Matching of discovered vulnerabilities to services

•  Collection and categorization of all vulnerabilities according to applications and operating systems

 

Vulnerability Scanning:

 

The Bhaved Solutions team will use various commercial, non-commercial and proprietary tools to discover and enumerate vulnerabilities at different levels, such as OS, services and applications.

 

Phase 3: Gaining Access and Privilege Escalation (Subject to Client’s Approval)

 

Attempting Brute Force:

 

The Bhaved Solutions team will run various brute-force attacks to attempt to acquire passwords and discover weak passwords of application, service and OS accounts.

 

IP Attacks:

 

In this step, the Bhaved Solutions team will run various DoS, DDoS and other attacks on discovered and enumerated services.

 

Gaining Access to Target Hosts:

 

Based on the vulnerabilities enumerated in Phase 2, the Bhaved Solutions team will attempt to exploit these vulnerabilities to gain unauthorized access to target hosts.

 

Leaving Traces:

 

Depending on the success of each exploit, the Bhaved Solutions team will leave traces as proof of compromise, where possible.

 

Privilege Escalation:

 

Depending on the Bhaved Solutions team's success in gaining valid user access, all possible privilege escalation will be attempted and documented.

 

Phase 4: Reporting and Documentation

 

•  Summary of OS / service / application vulnerabilities discovered using automated tools

•  Summary of manually identified vulnerabilities

•  Traces left behind on compromised hosts

•  Recommendations for vulnerability (and impact) mitigation

 

 

Please contact us for further details.