LRS uses the Penetration Testing Execution Standard (PTES) as a framework for running internal and external penetration tests. This allows us to ensure our customers are getting well planned tests, allowing the testers to achieve the best results possible.
Types of penetration tests include:
- White-Box – In this test the testing team has a lot of information available about the target environment. This could include lists of usernames, all IP addresses in scope. This could also include types of defensive tools deployed in the target network. The benefit of this type is the testing team is able to condense the testing into a shorter window as they do not have to perform additional tasks to gather the provided information.
- Grey-Box – The testing team is provided minimal information, this often only includes in-scope IP addresses, and URLs. Physical locations of customer facilities, etc. This can help the team get a start for shorter engagements without a lot of additional effort.
- Black-Box – In this test, the team is provided almost zero information, these take much longer to preform but tend to have a much broader scope to include physical attacks, social engineering, badge cloning, lock-picking, physical and in-person social engineering.
Internal Pivot Testing
This takes the stance that a system has been compromised and is aimed at determining how far an attacker can get inside the environment once a system is compromised.