NaviSec’s Penetration Testing services stand out from the crowd by delivering a wide surface area assessment with lots of depth unmatched by competitors. Lead by our Delta team, you’re in safe hands as our engineers set themselves apart in the industry by developing widely used tools, sharing knowledge through technical blog posts and publishing references that remain the go-to for many professionals.
NaviSec utilizes methods, TTPs (Tactics, Techniques and Procedures) that emulate real attackers as well as follow the Mitre Attack Framework and the PTES Standard.
A Penetration Test delivered by NaviSec is an adversary simulation engagement, consisting of different durations depending on the goal of the engagement.
Black Box Penetration Testing
NaviSec regularly performs entirely blackbox penetration tests, typically lasting anywhere from one week to two weeks (timeframe is subject to modification on a per engagement basis).
A black box penetration test from NaviSec begins with a full asset discovery reconnaissance stage, scope is then compared with supplied scope, enumeration is then performed on discovered and supplied assets to assess against publicly known vulnerabilities. Target company employees are also discovered and enumerated as part of a comprehensive OSINT (Open Source Intelligence) gathering campaign.
A key part of a black box penetration test is that NaviSec is provided with very little information about the infrastructure of your corporation and will attempt to discover as much as possible from external sources, no destructively, like an external attacker.
Common techniques such as the following are regularly performed with a high level of efficacy:
OSINT & Passive Information Gathering (What you can find without interacting with client assets – Public information gathering)
Full asset discovery and enumeration (eye-witness)
Vulnerability Assessment (for large amounts of external assets)
Active Directory auditing and testing
White Box Penetration Testing
A white box penetration test is where NaviSec will be provided with information about the infrastructure, disclosure of code samples, controls and an insiders-view of the infrastructure or application. The goal of a good white box penetration test is to review known controls and validate whether or not they have been implemented correctly.
Controls such as disabling LLMNR in an internal environment can be validated in a white box very quickly and if well documented and supplied, can be tested very quickly. A white box is a very efficient way to validate your network if you already have a very mature security program and you regularly find little on black box penetration testing.
Gray Box Penetration Tests
NaviSec also performs gray box penetration tests. Gray Box sits somewhere between Black and White box penetration tests, it’s a gray area.
Typically, a gray box will involve some level of assumed breach, perhaps a web application with multiple accounts with varying levels of access (to identify vulnerabilities such as IDOR’s and privilege escalation), assumed breach on an endpoint (manually & intentionally loaded payload).
Sample Penetration Test Report
Download our sample Penetration Test Report and see for yourself how we make our reports easily digestible for any roles in your organization.
View our sample report here.
Schedule your next penetration test with NaviSec
Like what you hear? Use the contact form below and get in touch! We believe in using a tailored approach to delivering penetration tests and assessments as no two tests are the same. At NaviSec, we understand that every organization has different needs and goals.