May 25, 2021

Internal pen testing

Hello guys,
We are conducting internal pen testing and it’s done by third party.

I ran Nessus scanner and fixed most of the critical vulnerabilities. I don’t want to get hacked even though it’s fine. Is there anything I can do so when the try to run their tools they aren’t able to do much.
They will be pen-testing against ad, VMware, aps, file shares, network switches. I have tighten up the firewall config followed all the best practice.
Any suggestion?
What do I typical pen-testing look like?

Comments

wowneatlookatthat

IMO you shouldn’t try to hastily fix things right before they start testing, unless there’s something REALLY critical that you already know about and had plans to fix in the near future. It’s better to let them identify the real problems, then (hopefully) provide you with a list of priorities.

Every pentester is different, but generally they’ll start from their initial entry point and perform recon (think port scans, service enumeration, high level overview of webapp logic, etc.), look for low hanging fruit, exploit, rinse and repeat.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.