How Lucid Security Conducts an Internal Penetration Test
Learn how Lucid Security conducts an Internal Penetration Test.

Lucid Security conducts Internal Penetration Tests (Internal Pentests) based on the goals and needs of our clients. Generally, the goal of an Internal Pentest is to achieve complete domain compromise by gaining Domain Administrator access, starting either with no user credentials or with a set of low-level domain user credentials. But let's take a step back and cover the entire process from start to finish, while also covering logistics.
Scoping Call
First and foremost, there should be a scoping call to gain a better understanding of the client's network and infrastructure. Considerations include, but are not limited to, the number of physical locations, the number of IP addresses / devices on the network, compromise goals, what's driving the assessment (compliance, best practice, etc.), and more. This determines not only the overall cost, but also the amount of time required to conduct the assessment and deliver the final report.
Kickoff Call
The kickoff call is a great opportunity for all parties involved in the project to get together, talk logistics, and ask any questions. Not all environments are the same, and it's important for the client IT / Security team to point out any areas that may be sensitive in nature, such as SCADA or IT/OT devices, which require strict manual testing and minimal to zero scanning.
R.O.O.K. Shipping & Setup

Lucid Security ships out and employs our custom testing box dubbed the R.O.O.K. (Remote Offensive Operations Kit) to conduct tactical onsite assessments such as an Internal Penetration Test or Wireless Penetration Test.

Once the device has been received by the client and plugged into the network, the ROOK automatically calls back to Lucid Security infrastructure, allowing our Penetration Testers to conduct assessments remotely from virtually anywhere in the world.
Testing
Once a valid connection is established, Lucid Security will notify the client via email that the test is officially starting. Depending on the network size and client requirements, testing can take anywhere from a few days to a few weeks. During this active testing phase, Lucid Security will look for vulnerabilities and weaknesses within the client's internal network. This includes, but is not limited to, system vulnerabilities and weaknesses, default credentials on printers and other devices, Active Directory weaknesses, weak passwords, etc.
Lucid begins the assessment with no credentials or special permissions and attempts to obtain a foothold on the network, then escalate privileges and move laterally. In the event Lucid does not obtain a foothold, it is recommended that a low-level user account be provisioned under an assumed breach scenario to allow the penetration testers to perform authenticated testing.
Reporting

Once testing is complete, Lucid Security will begin the reporting phase and document the assessment, including findings and vulnerabilities, with detailed recommendations and guidelines to remediate the issues. Each report undergoes a thorough and comprehensive Quality Assurance phase in which a peer reviews the findings and the report to ensure the vulnerabilities have been accurately reported and the report is client ready.
While Lucid Security does not perform hands-on remediation, the team remains available should the client have any questions regarding the findings and the appropriate recommendations to address the issues.
Optional Report Readout
Once the report has been delivered to the client, an optional report readout may be scheduled at the client's request. While this is optional, it is encouraged, as it is a great opportunity for the client to ask any questions and receive additional context from the penetration testers who conducted the actual assessment.
Optional Retesting
Lucid Security offers retesting for free after 90 days of completion of the assessment. While this is optional, clients are highly encouraged to take advantage of it. In the retesting phase, Lucid Security will conduct a one-time retest once the client has remediated either all of the issues or the top issues most important for their organization. The retest does not identify new issues, but is simply a targeted check to ensure findings initially identified have been properly remediated.
Once the issues have been checked by Lucid Security, the report will receive a new version and the issues will be marked as "Remediated", "Partially Remediated", or "Open".
Summary
An Internal Penetration Test is always a worthwhile assessment for any organization, as it can highlight vulnerabilities, weaknesses, and misconfigurations within a network before an attacker can identify and leverage them. Lucid Security consists of seasoned security professionals with decades of experience in security and penetration testing. Our unique and competent perspective enables us to enhance clients' environments. Please contact us today to learn more about our services and how we can make your organization more secure.