Penetration test and assessment


| Feature | Penetration Testing | Assessment Tools |
|---|---|---|
| Purpose | To identify and exploit vulnerabilities | To identify potential vulnerabilities |
| Approach | Active | Passive |
| Scope | Broad | Narrow |
| Cost | High | Low |
| Duration | Long | Short |
| Expertise | Requires skilled security professionals | Can be used by non-technical users |

Description

A penetration test is an active process where a security professional attempts to exploit vulnerabilities in a system or network. This is done to identify and fix security weaknesses before they can be exploited by attackers.

An assessment tool is a passive tool that scans a system or network for vulnerabilities. It does not attempt to exploit vulnerabilities, but it can help identify potential problems.

Example

A penetration test might involve a security professional trying to log into a system with a stolen password, or trying to exploit a known vulnerability in a web application.

An assessment tool might scan a system for open ports, or look for known vulnerabilities in software installed on a system.

Which one should we use?

If you are concerned about the overall security of your systems and networks, then a penetration test may be a better option. However, if you are concerned about a specific vulnerability, then an assessment tool may be sufficient.

The best approach to security assessment will depend on the specific needs of the organization.

| Penetration Test | Purpose | Product Name | Microsoft Alternative | What it is Testing | OSI Model Layer | MITRE ATT&CK Framework |
|---|---|---|---|---|---|---|
| Black box penetration testing | To identify and exploit vulnerabilities in a system or network that an attacker would not have prior knowledge of. | Nexpose | Microsoft Defender for Endpoint | The security of a system or network without any prior knowledge of the internal structure or configuration | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion |
| Grey box penetration testing | To identify and exploit vulnerabilities in a system or network that an attacker would have some knowledge of. | Nessus | Microsoft Defender for Identity | The security of a system or network with limited knowledge of the internal structure or configuration | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion |
| White box penetration testing | To identify and exploit vulnerabilities in a web application, including those that are not publicly known. | AppScan | Microsoft Application Security Testing (AST) | The security of a web application with full knowledge of the source code | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, Collection, Command and Control |
| Social engineering penetration testing | To assess the susceptibility of users to social engineering attacks, such as phishing emails and malicious websites. | Social-Engineer Toolkit (SET) | Microsoft Defender for Office 365 | The susceptibility of users to social engineering attacks | Application | Initial Access |
| Wireless penetration testing | To identify and exploit vulnerabilities in wireless networks, such as weak passwords and unencrypted traffic. | Aircrack-ng | Microsoft Defender for IoT | The security of wireless networks | Physical, Data Link, Network | Initial Access, Execution |
| Network penetration testing | To identify open ports and vulnerabilities on a network, which could be exploited by an attacker to gain access. | Nmap | Microsoft Security Assessment and Auditing (MAA) | The security of networks, including identifying open ports and vulnerabilities | Physical, Data Link, Network, Transport | Initial Access, Execution, Lateral Movement |
| Host penetration testing | To identify and exploit vulnerabilities on a host, such as unpatched software and misconfigurations. | Metasploit | Microsoft Defender for Endpoint | The security of hosts, including identifying vulnerabilities and exploiting them | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, Collection, Command and Control |
