vPENTEST 

Network Penetration Testing

Penetration Test vs Vulnerability Test

A vulnerability assessment essentially just tells the customer that the door is unlocked; however, a penetration test actually tells the customer that, because the door is unlocked, we found an unlocked safe, unsecured jewelry, credit cards, and social security numbers laying around on the bed. It also explains how you could secure the door next time, how to protect the confidential data laying around on the bed, and then some.

What a Vulnerability Test will find:

‣ Patching vulnerabilities
‣ Default passwords amongst services
‣ Configuration deficiencies
‣ False positive vulnerabilities
(e.g. flagging services based on version numbers, not knowing if patches are applied)

What a Penetration Test will find:

‣ Weak domain user account passwords
‣ Sensitive files stored on network shares
‣ Sensitive data within databases
‣ Weak password policies
‣ Network share permission issues
‣ Man-in-the-middle attacks and possibilities

Scope and Methodology

GTG Network provides the ability for organisations to perform a variety of security assessments, including vulnerability assessments as well as penetration tests.

External Network Vulnerability Assessment

Vulnerability Analysis – The only process performed during an external vulnerability network assessment is a vulnerability analysis. This includes performing a vulnerability scan across all systems that are accessible via the Internet using a database of known vulnerabilities. All vulnerabilities discovered during this process use the severity rankings and other data extracted from the vulnerability scanner. We do not attempt to manipulate any severity rankings or any information produced by the vulnerability scanner.

Internal Network Vulnerability Assessment

Vulnerability Analysis – The only process performed during an external vulnerability network assessment is a vulnerability analysis. This includes performing a vulnerability scan across all systems that are accessible via the internal network environment using a database of known vulnerabilities. All vulnerabilities discovered during this process use the severity rankings and other data extracted from the vulnerability scanner. We do not attempt to manipulate any severity rankings or any information produced by the vulnerability scanner.

External Network Penetration Test

The internal and external testing phases are similar in many ways, with the exception of leveraging Open-Source Intelligence (OSINT). These assessments take a comprehensive approach to identifying security vulnerabilities which expose systems and services to potential threats. To accomplish this goal, our consultants leverage a number of resources and techniques to identify, enumerate, and exploit the targeted systems.

Internal Network Penetration Test

During the information gathering process for the internal network penetration test, our consultant attempts to learn more information about the internal network environment based on information available without conducting any attacks. Such information including DNS names and FQDN learned from DHCP and internal DNS records.

Information Gathering

During the information gathering phase, we leverage several publicly accessible sources in order to gather as much information about the organisation’s environment as possible. This includes doppelganger domains, IP address ranges (if possible), usernames, vulnerabilities listed from sites such as Shodan, as well as metadata harvested from files. Additionally, this process includes analysing publicly available DNS records to identify information that may be valuable during an attack, such as additional CNAME records, the lack of MX records, etc.

Host Discovery

We leverage several techniques to facilitate host discovery techniques, including ping sweeps and port scans. Using tools such as Nmap and Masscan, we are able to perform several attempts to identify active systems within the ranges provided to us. This list of discovered hosts is then fed into the platform to facilitate the remainder of the penetration test, including enumeration, exploitation, as well as post-exploitation.

Enumeration

After obtaining a list of active systems from the host discovery process, the next phase that we perform is enumeration of information. This is based on the ports that were found open within the host discovery process. This process is supported by a combination of tools, including Nmap, Metasploit, Hydra, and proprietary tools. Furthermore, we also analyse network-layer traffic to determine if any vulnerabilities could be discovered, such as the presence of broadcast protocols that may lead to exploitation.

Exploitation

If a security vulnerability is discovered from the enumeration process, we attempt to perform exploitation against the network service with the intention of gaining remote command execution on the compromised system.

Post Exploitation

After successfully gaining access to a compromised system from the external network environment, we attempt to perform the steps of an internal penetration test with the intention of gaining further access into the internal network environment. This includes pivoting, extracting information from the systems that may be useful for privilege escalation and lateral movement, and more.

Information Gathering

During the information gathering process for the internal network penetration test, our consultant attempts to learn more information about the internal network environment based on information available without conducting any attacks. Such information including DNS names and FQDN learned from DHCP and internal DNS records

Host Discovery

We leverage several techniques to facilitate host discovery techniques, including ping sweeps and port scans. Using tools such as Nmap and Masscan, we are able to perform several attempts to identify active systems within the ranges provided. This list of discovered hosts is then used to facilitate the remainder of the penetration test, including enumeration, exploitation, as well as post-exploitation

Enumeration

After obtaining a list of active systems from the host discovery process, the next phase that we perform is enumeration of information. This is based on the ports that were found open within the host discovery process. This process is supported by a combination of tools, including Nmap, Metasploit, Hydra, and proprietary tools we developed. Furthermore, we also analyse network-layer traffic to determine if any vulnerabilities could be discovered, such as the presence of broadcast protocols that may lead to exploitation.

Exploitation

With as much information enumerated as possible, our consultants perform exploitation, attempting to gain remote access to services or systems. Using tools including (but not limited to) Metasploit, Impacket, CrackMapExec, and proprietary exploitation scripts, We exercise extreme caution to only execute exploits that are known to be safe and avoid negative impact to the confidentiality, integrity, or availability of systems and/or resources.

Post Exploitation

We use the information gathered within the enumeration and exploitation phase of the penetration test to facilitate post exploitation. The objective of post exploitation is to gain as much access to the environment as possible, followed by the enumeration of sensitive information. This is supported by tools such as Metasploit, smbspider, Plunder, and other tools within Kali Linux. Additional tools are used to parse information extracted from this process with the intention of discovering sensitive information such as credit card numbers, social security numbers, passwords, and more.

Headquarters
Suite 215 111 Harrington St The Rocks, NSW 2000

Business hours:
8:30 AM – 5:30 PM
Monday – Friday

Sydney MSP ©2025. All Rights Reserved. | Sitemap