Package 1: Web Applications/API Pen Testing

Testing the security of your web-based applications will allow you to:

• Identify security vulnerabilities and security design flaws affecting your web applications.
• Understand the contextualized risk posed by issues found and the impact of security violations
• Reveal your exposure to internal and external attackers
• Learn your application’s overall security posture and how it can affect your business
• Raise risk and security awareness
• Receive detailed recommendations on how to solve issues found, mitigate identified risks and improve the overall security stance of your web-based applications.

The Web Application / API Security Package for up to 3 web applications, up to 3 user roles, and up to 50 API endpoints cost $5,000. This includes a monthly Vulnerability Assessment to ensure your application security posture is maintained at the highest possible level of security. 

Package 2: External Network Pen Testing

The External Network Security Package mimics the actions of an actual adversary by attempting to exploit weaknesses in network security without the dangers of a real threat. This test examines external IT systems for any weakness that could be used by an external attacker to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organization to address each weakness.

It should be assumed that every actively listening device that is exposed to the internet will constantly be under attack. Examples of listening services that are typically exposed would be email, web, VPN, cloud authentication, cloud storage, etc.

CyberHunter uses the Penetration Testing Execution Standard (PTES) as well as NIST SP 800-115 as the guideline for all external penetration testing covering:

Enumeration/Reconnaissance: This exercise is a precursor to a penetration test and involves scanning the targets for possible vulnerabilities that may be exploitable. Specifically, we are looking for misconfigurations, vulnerable software, weak credentials, and poorly coded software that a hacker could use to infiltrate a server or compromise the application. This phase can cover areas such as:

• Footprinting
• Information Leakage
• DNS Analysis
• System fingerprinting
• Services Probing
• Exploit Research

Exploitation Testing: In this test phase, Cyberhunter will look to manually exploit any weaknesses or vulnerabilities identified in the servers or web application with the objective of breaching it from a black box perspective (i.e. no credentials or knowledge of the systems). Such tests may cover some or all of the following areas:

• Manual Vulnerability Testing
• Verification of Identified Vulnerabilities
• Intrusion Detection / Intrusion Prevention Testing
• Password Strength Testing

The External Network Security Package for up to 5 IP addresses costs.

Package 3: Internal Network Security

The Internal Network Security Package, depending on the objective and methods, can sometimes be referred to as a Red Team exercise or a Post-Breach penetration test and can be used to realistically test the Protective, Detective and Responsive security controls in an organization.  

The questions and measurements being made during testing are:

• Did you stop any of the threatening actions and behaviors performed?  
• If the threats were not stopped, did you see them (event logging)?
• If the threats were observed, did you respond appropriately to them (SOC Team, Blue Team)? 

The testing begins by connecting any internal computer using a VPN client to our cloud-hosted VPN server.  NOTE:  This is a secure connection outbound.  We do not need any inbound connection to the network. Our cloud server will obtain a local IP address on the LAN using DHCP (or static assignment) but no credentials will be provided to the test team. In this case, all tools are maintained offsite and used by the testing team to perform reconnaissance, searching for vulnerabilities and exploitable security misconfigurations, potentially exploiting devices, installing a presence in the network and acting on desired objectives. Activities are aligned with MITRE ATT&CK (https://attack.mitre.org/) and may include:

• Reconnaissance
• Initial Access
• Execution
• Persistence
• Privilege Escalation
• Defense Evasion
• Credential Access
• Discovery
• Lateral Movement
• Collection
• Command and Control
• Exfiltration
• Impact
• Segmentation Validation
• Unlimited users
• Reporting:
• Full Debrief
• Remediation Plan
• Retesting

The Internal Network Security Package on a 3-year term for a Windows Domain environment with a /24 subnet costs $5,000.

Use this tool to choose a package and sign a contract:

Framework for penetration testing:

Penetration testing typically includes the implementation of testing scenarios outlined in the following standards and frameworks:

• OWASP Web Security Testing Guide.
• NIST 800-115.
• SANS TOP 25 Most Dangerous Software Errors.
• WASC Projects.

It is also possible to design custom scenarios, e.g., to check compliance with a certain regulatory standard or resistance to social engineering attacks.