How Advanced Penetration Testing Can Help Beat the Hackers
Penetration testing is vital for risk management. Thorough, advanced pentesting provides a realistic demonstration of what the outcome of an attack would be, without the organisation having to become the victim. This allows risks to be evaluated with a clear perspective on the potential costs.
In general, real attackers have a long period of time in which to identify potential ways of gaining access to a system or network. Therefore, the longer a tester has to perform a penetration test, the more realistic the results of that test will be.
As every application or environment is unique, a certain period of time is already needed to really understand the application or environment that needs to be tested.
Furthermore, performing short (pen)tests means there is less time to carry out manual testing and to verify or develop vulnerabilities. More time means that more manual testing can be done, and the tester has more time to think of specific, unique and realistic attack scenarios.
Moreover, a test of 7 or more days means that more than one tester can potentially be assigned to the test, and two heads are better than one.
Listed below are examples of extensive/additional tests that are performed when a tester has more days to test a specific application or environment.
01 Extensive Software Security Track Record
Extensive fingerprinting of the components in use, to determine their exact version numbers, can be a time-consuming job. However, checking the security track record of that specific software and version can reveal vulnerabilities that can subsequently be exploited to gain further access, or even to compromise the application or environment.
02 Exploitation of Found Vulnerabilities, or Bypassing Implemented Security Measures to Gain Further Access into the Network
Certain interfaces or functionality can be hidden or protected within an application or environment. Given enough time to break the protection or discover the hidden functionality, a tester can reveal much more information or even gain further access into the network.
03 Advanced Password Cracking Attacks
Password cracking attacks can take significant time, but can yield an essential piece of information that can subsequently be used to gain further access into the target application or network.
04 Advanced Brute Force Attacks
Brute force attacks on specific identified interfaces, for example ones that lack account lockout, can result in easy access to those interfaces and possibly further access into the target environment. However, successful brute force attacks can take a lot of time to perform (days). In a short pen test it is not possible to conduct an effective attack of this kind.
05 Decompiling/reverse engineering of applications or application components
Decompiling or reverse engineering techniques take some time to perform, but can lead to the discovery of essential information, e.g. hidden functionality, application inner workings or account data.
06 Download publicly available source code of software in use, to look for vulnerabilities not traditionally found in a short pen test
When, for example, an open source CMS is used, downloading and reviewing the source code of that CMS can reveal a lot of useful information to a tester, e.g. hidden functionality, administrative URLs or vulnerabilities, but this takes additional resources and time to conduct effectively.
07 Enumerating the Dark Web
Many advanced attacks, and specific attacks against targeted customers, can be found on the dark web. We have indexes of both the traditional dark web and its non-indexed content. Reviewing specific intelligence related to the software in use, or to the customer/company under review, can aid significantly in compromising a target application or network. This research takes time to conduct.
Advanced Vs Simple Pentesting
Advanced pentesting: average 7 days of testing
Utilises manual, ethical hacking to discover more vulnerabilities based on real attack scenarios
Potential for more than one tester to interrogate more deeply
Review of deep web threat intelligence
Simple pentesting: average 3 days of testing
Often automated scanning only, with very little time to perform manual tests
Focuses on known vulnerabilities
Limited reporting or suggested remediation
This information was collated for you by ZeroDayLab Security Consultants
Find out more about ZeroDayLab's 360° Approach to Total Security Management at