A day in the life of a penetration tester

January 24th, 2023 Posted in Penetration Testing

Introduction 

The term “hacker” holds a different connotation today than it did two decades ago. Throughout the 80s and 90s, hackers grew in notoriety as they began to test the security posture of public, private and military services, earning a negative reputation in the process.  

In the past, passwords for remotely accessible, sensitive services were often as simple as admin:admin (although we still find default credentials today), and security was an afterthought rather than a priority. Some referred to this era as the “technological golden age.” As a result, individuals with a moderate amount of technical skill were able to access systems such as NASA (true story) and other highly sensitive military organisations. Thankfully, since then, security measures and best practices have significantly improved, and systems have become more secure.

Today, the term “hacker” has taken on a new meaning – one of a highly-skilled, respected professional known as a Penetration Tester.  

A Penetration Test is a simulation of a cyber-attack on a computer system, but it’s important to remember that the person conducting the test (the tester) has certain boundaries they must abide by. They might have limitations outlined in contracts or agreements, and above all, they must follow the law. Even though the test simulates an attack, it’s done with permission and under controlled conditions. It’s also important to choose reputable penetration testing services; here, we advise you on what to look for in a good penetration testing provider.

A Typical Day for a Pen Tester? 

Our typical day looks more like your run-of-the-mill day at the office, with concerns about back posture and ergonomic mice in between client meetings and scoping calls with a coffee in hand, not your cliché teenager wearing a black hoodie with fingerless gloves and a limitless supply of Mountain Dew. 

As a penetration tester, no two days are the same: a company’s technology, culture, and habits determine how a penetration tester must develop a custom methodology for attacking that organisation.

One day we might be facing a highly vulnerable target with a multitude of critical/high-risk vulnerabilities, while the next we might encounter a system that is fortified and secure. Our job is to think like attackers and identify weaknesses before they can be exploited. 

It’s difficult to describe a typical day for a penetration tester; it’s an inch-deep, mile-wide sort of job, with some engagements requiring deep dives into subjects we pretend to know about. Other engagements contain a multitude of moving parts where we need to know lots of different things, as work environments and projects vary widely.

Broadly speaking, Penetration Testers cover four domains: web application testing, social engineering assessments, external infrastructure testing and internal infrastructure testing. No matter the project, our goal is always the same: to help organisations protect their assets and improve their security posture.

[Image: Penetration Testing Guide] To learn more about penetration testing, read our extensive Guide to Penetration Testing.

Scoping the Work 

Typically, a penetration testing engagement begins with a scoping call with the client. During this call, we will discuss the client’s specific testing needs and determine the scope of the test. This helps us understand the size and complexity of the project, as well as any specific areas of focus and any off-limit, red-tape areas, so we don’t break anything in production environments or access any world trade secrets (only joking of course). Alternatively, we may send out a comprehensive questionnaire to gather all the necessary information about the client’s environment. This initial conversation or questionnaire helps us get a clear understanding of the client’s needs and allows us to plan and execute the most effective testing approach. 

Let’s get down to Testing 

During testing, we typically focus on only one domain (social engineering, web application, internal infrastructure, or external infrastructure) due to time and cost constraints. The length of a typical test can vary, but it may involve four days of testing (hacking) followed by one day of report writing, or eight days of testing (hacking) followed by two days of report writing.  

I know I sound like a broken record by now, as I’ve mentioned it before, but no two days are the same! Every day brings new challenges and unseen findings, unique to every company we test. I’ll try my best not to bore you to sleep and harp on, as there is a lot to cover, so I’ll just give you a brief overview of each testing area so you can get back to your incredibly important lives.

Social Engineering 

‘Hacking the human’, as the cool kids like to say. In the realm of social engineering, you use your skills in psychology and communication to manipulate people into revealing sensitive information or taking actions that compromise the security posture of an organisation.

There are many types of social engineering tests, but for the sake of keeping this blog post as concise as possible we will use my own nomenclature: physical and virtual.

Physical: trying to access restricted areas of a company in person.

Virtual: trying to access restricted areas of a company remotely, by coercing an employee into running your malicious software.

Normally, on a social engineering engagement, you would outline a set of objectives with the client. These goals could be getting an employee to open and execute a malicious email attachment, getting them to download and run a piece of software, accessing a part of a building that is off-limits to the public, or getting employees to divulge information over the phone. The key, as an outsider who doesn’t belong to the company, is to obtain access or information from that company.

Web Application Testing 

Nowadays, every company has a website, a portal, an online booking system, a login area, etc., all of which are web applications. It’s important to make sure these web applications are secure, as they often hold sensitive information such as customer data or bank account details.

That’s where web application testers come in: they are experts at finding and identifying potential vulnerabilities in a website or web application. If these vulnerabilities were exploited by cybercriminals, it could result in significant recovery costs and regulatory penalties, as well as damage to a company’s reputation. That is why it is very important for companies, especially those in industries such as banking, healthcare and finance, to regularly test and secure their web applications to avoid data breaches and penalties, as the penalty for a data breach is far more expensive than a quarterly penetration test.

Internal Infrastructure Testing 

An internal penetration test is about evaluating the security of a company’s internal networks, systems, and devices. Think of it as a “what if” scenario where we’re pretending there’s already been a security breach, and we’re checking to see how well the company’s internal defences would hold up.

Because initial access to a company’s internal infrastructure can be both time-consuming and expensive to obtain, we use certain shortcuts to make sure we’re getting a comprehensive and thorough assessment without breaking the bank. But don’t worry, these shortcuts don’t compromise the effectiveness of the test itself.  

External Infrastructure Testing  

External infrastructure testing involves evaluating the security of an organisation’s internet-facing systems and networks to test the effectiveness of its perimeter defences. These could be things like firewalls, VPN servers, mail servers, and FTP servers. The main objective of this assessment is to identify vulnerabilities that could be exploited by an attacker attempting to gain access to an organisation’s network from the outside.

If you want to learn more, our blog on the differences between internal infrastructure and external infrastructure testing is a good place to start.

A Day in the Life 

In conclusion, a day in the life of a penetration tester is a combination of technical and analytical skills, as well as strong communication and collaboration. It’s a demanding but rewarding job that requires constant learning, attention to detail, and the ability to think outside the box. Throughout the day, a penetration tester may encounter a variety of challenges, including identifying and exploiting vulnerabilities in complex systems, communicating with clients and stakeholders, and staying up to date with the latest tools and techniques. However, the end goal of helping to improve the security of an organisation’s systems and protecting its valuable assets makes all the hard work worth it. 

Need Help?

If your organisation needs help running a penetration test on an application or infrastructure, we’re here to help. We can assess your environment and run a full penetration test. We can also advise you on any follow-up actions or remediations from our findings within a thorough penetration testing report.


Written by Hugh Simpson