
Penetration Testing

Penetration Testing uses an intrusive approach to discover security weaknesses in the organization’s IT infrastructure and applications. Penetration testers attempt to exploit the identified security weaknesses to gain privileged access to the IT infrastructure and applications. Such an approach emulates a real attack and determines how robust the organization’s IT infrastructure is at protecting sensitive information.

The difference between vulnerability assessment and penetration testing is that the former discovers the security loopholes present in an organization’s systems but does not exploit the vulnerabilities, whereas the latter is employed to demonstrate how damaging those vulnerabilities could be in a real cyber-attack. Because the two approaches serve different purposes, they are often used in tandem to provide a comprehensive picture of the security deficiencies that exist within the IT infrastructure and applications, and of their potential impact.

While most security testers treat network penetration testing as a commodity service that can be completed by checking boxes on a form, CoreRecon takes a dramatically different approach. CoreRecon has learned from years of experience that while finding and exploiting vulnerabilities is important, what is more useful is testing a client’s monitoring, detection and response processes.

Internet-based assessment

While most organizations can protect themselves from random Internet attacks, CoreRecon recognizes a lack of focus on attacks targeted against a specific organization. Since stateful firewalls have become ubiquitous due to their affordability, most purely technical attack vectors have been mitigated. This is why CoreRecon offers a less technical, business-oriented approach to Internet security assessments. Starting with an understanding of the nature of your business, its reliance on information, and which potential risks and threat actors may benefit from a compromise, CoreRecon creates a profile of how your company looks to a would-be attacker. CoreRecon builds this profile using state-of-the-art open source intelligence (OSINT) techniques. The profile also yields potential attack scenarios, which are then played out over the Internet with monitoring, detection and response functions in mind. While direct social engineering attack techniques are not normally included in this testing, much of the human element involved in access control mechanisms (e.g. creative password guessing) is.

Internal LAN (wired)

Most organizations have a hard exterior but a soft interior: most exploitable vulnerabilities are found on the inside of an organization’s network. Most penetration tests fail in two major areas. As previously mentioned, the monitoring, detection and response capabilities are seldom tested. But there is another shortcoming of most penetration tests: they do not get to the true business impact of a security compromise. Whether it is sensitive customer data leakage, proprietary business process information, or simply the risk to continued business enablement (think Denial of Service), most penetration tests end where they really should begin. For example, on a recent test for a casino, CoreRecon was able to compromise administrative credentials on the client’s Windows domain within the first day of testing. This situation is actually fairly common. What the client found much more valuable, though, was that CoreRecon found a database that housed the upcoming Keno numbers. With this information, an attacker could take the casino for millions of dollars without getting caught. Mapping out how this scenario would work, and how the client could implement multiple protective and detective controls to mitigate the risk, is the true value of penetration testing as a professional consultant.

Wireless network penetration testing is often misunderstood because of the many forms of wireless communication and the nature of those communications. Most consulting firms limit their wireless network penetration tests to 802.11 (Wi-Fi) network infrastructure components. While those components are important to assessing the risk posed by wireless protocols, they are really a small part of the bigger picture. For example, Bring Your Own Device (BYOD) has opened up multiple new avenues for attackers to gain unauthorized access to sensitive information. Many organizations are not addressing this risk for fear of violating their employees’ privacy. Years of experience in social engineering help CoreRecon handle these situations with employees and present findings in a non-threatening way. In addition to Wi-Fi networks, other forms of wireless communication may represent even more risk to the organization, such as RFID, Bluetooth, Infrared and Near Field Communication (NFC). In fact, many Closed Circuit Television (CCTV) systems are tuned to a specific channel that can be changed using an infrared remote control; with this knowledge, an attacker could disable critical monitoring systems using an inexpensive universal remote controller.

Did you know?

$32,000 is the average cost per DAY of a cyber attack on a business.