Types of Penetration Tests
Black Box Testing
In Black Box testing, the penetration tester has no prior knowledge of the client network. He or she has to determine the client’s IP addresses, map the network, and attempt to reach “trophy targets” without any assistance from the client. A “trophy” is, for example, a snapshot of items in a client’s database. It may be a file list from an employee’s computer, or it can be something physical, such as the tester actually walking through a company’s front door to see what physical security exists. In Black Box testing, the client doesn’t know when the testing will occur, and will not know where it is coming from. This makes it possible to determine what the regular response to an intrusion would be. Are there alerts? Is the penetration tester blocked? Can the penetration tester retrieve anything that he or she desires?
A Black Box test is expensive, because it takes considerable time to conduct, but it will tell you where your security has holes. It is thorough, and it is effective. The Black Box test is worth the expenditure, because it gives a true picture of what a hacker can find with regard to your security posture. It is excellent as a preventative measure, so that remediation costs can be lowered in the long run. It can help a company evaluate its Incident Response measures and determine where the company stands. An ounce of prevention is worth a pound of cure.
• A “Blind” Black Box test is when the attacker has no knowledge of the client’s network, but the client is prepared for the attack.
• A “Double Blind” Black Box test is when only a very small number of the client’s employees are aware that a test will be taking place. This type of Black Box testing will provide the truest response to an attack.
White Box Testing
White Box Testing is when a client has provided the tester with pertinent information regarding the network.
• Infrastructure information
• Network type
• IP addresses (internal, external, subnets, and masks)
• Implemented firewall rules
• IDS/IPS details
• Alerting systems in place
• Current security implementations
• Company policies
Announced testing is when the IT staff is made fully aware of the testing taking place. The tester is allowed to check the infrastructure in place.
Unannounced testing is when only the upper management is aware of the testing taking place. The tester is able to determine the response rate and type of response from the IT staff to attacks.
Grey Box Testing
In Grey Box Testing, the penetration tester has limited information regarding the client network. Grey Box testing may take place when an auditor needs additional information regarding the client’s network in order to complete Black Box testing. Typically, in Grey Box testing, the client will know when the penetration test is going to take place ahead of time.
Talk to EthicalHat about conducting a penetration test on your network today.
Penetration Testing Team Types
There are different penetration team types that are utilized by the military and large government institutions. Additionally, the National Collegiate Cyber Defense Competition uses the same testing scenarios and puts upcoming security students through the same paces. A good resource for understanding the team types, and the scenarios they run through, can be found here. We explain the team types in brief below. An additional resource is:
Red Team Versus Blue Team: How to Run an Effective Simulation
Red Teams have been in existence the longest among penetration testing team types. Although in truth a Red Team consists of White Hat hackers, the Red Team takes on the role of real attackers and does everything possible to infiltrate a client’s network. Red Teams will disrupt client services in the same manner that a hacker will. The activities of a Red Team provide a true assessment of the condition and security of a network, because the client will not know when and how the attacks will happen. These attacks are silent, and you will most likely have no awareness that they are infiltrating your system.
A Red Team can come at you from any direction, and most often, the testing will come from multiple directions with layered attacks. This is how the hackers and attackers work against networks, and a Red Team is trained to think like hackers do. In fact, they use the same tools and scripts that hackers use, in addition to their own. Having come out of the military and large governmental organizations, a Red Team member has been trained to the highest levels. They understand the threat landscape, and keep up with the persistent changes.
Ask EthicalHat about engaging a Red Team today.
A Blue Team is the other side of the Red/Blue Team testing group. The Blue Team is the defender in an attack scenario. It is the Blue Team’s job to use every tool at their disposal in order to protect the network and assets for the client.
Ask EthicalHat about engaging a Blue Team today.
Purple testing is when both the Red Team and the Blue Team work together at the same time. The advantage of having both teams at the same time is that while the Red Team is attempting to infiltrate a network and test the security, the Blue Team is defending it. The combination of both teams gives a real scenario of the issues, what defenses are in place for a network, and what needs to be implemented. The point of the purple team is to determine the best remediation strategies.
Ask EthicalHat about engaging a Purple Team today.