Friday, February 3, 2012

Network Penetration Testing


Cyber Security Works' penetration testing service provides an in-depth understanding of the weakest links in an enterprise's network, which assists in securing the information infrastructure against both outside and inside attackers. We use a proprietary data-mining framework, a comprehensive technology that employs computational intelligence to exploit discovered vulnerabilities.
Our tests (external and internal) replicate the actions of an attacker with adversarial intent who seeks unauthorized access to portions of the enterprise's network, i.e., any device that has a network address or is reachable from any other device, from the perspective of a trusted user and of an adversary on the inside, remote, or outside.
To ensure a complete and comprehensive analysis, the test is not limited to servers; it includes workstations, network peripherals, information security devices, printers, back-up systems, log management systems, disaster recovery devices, and storage systems.
We generate a detailed report outlining the successful attacks, characterizing the specific vulnerabilities, the communication channel used, and the exploit code. Our penetration tests are targeted; hence we are able to accomplish this with minimal disruption to the client's enterprise operations.
Network penetration testing attack modules consist of payloads that belong to one or more of the four major attack taxonomies (interruption, interception, modification, and fabrication). Attack payloads that exploit common categories of network and system vulnerabilities are listed below.
Attack Modules that Target Common Vulnerabilities:

Kernel Flaws: the kernel is the core of most operating systems (OS). Kernel code is responsible for managing the system's resources, the overall security of the system, and communication between hardware and software components. A flaw in kernel code puts the entire system's security in jeopardy. The most common kernel flaws affecting multiple OS families (Windows 9x, NT, flavors of Linux, UNIX, BSD, Mac OS, IBM AIX, Sun Solaris, Cisco IOS, Juniper JUNOS, Extreme XOS, etc.) allow a user with shell access to mount a privilege escalation attack and gain super-user, root, or administrator privileges.
  • Multiple Windows Kernel Vulnerabilities and LSASS
  • Microsoft Remote Procedure Call vulnerabilities
  • Microsoft Windows kernel GDI local privilege escalation
  • Microsoft Windows NT CSRSS Memory Access Violation Vulnerability
  • Linux Kernel "do_brk()" Privilege Escalation Vulnerability
  • Linux and BSD 'OpenSSH' Privilege escalation vulnerability
  • FreeBSD/amd64 'swapgs' Local Privilege Escalation Vulnerability
  • BSD Kernel SHMAT System Call Privilege Escalation Vulnerability
  • Mac OS X Multiple Command Execution and Privilege Escalation Vulnerabilities
  • Apple Products ARDAgent Privilege Escalation Vulnerability
  • IBM AIX "swcons" Command Privilege Escalation Vulnerability
  • IBM AIX Privilege Escalation and Remote Code Execution Vulnerabilities
  • IBM AIX "cfgmgr" Privilege Escalation Vulnerability
  • Cisco IOS Secure Shell Denial of Service Vulnerabilities
  • Local Privilege Escalation Vulnerabilities in Cisco VPN Client
  • Cisco IOS Command Line Interface Privilege Escalation Vulnerability
  • Juniper ScreenOS and JUNOS DNS Cache Poisoning Vulnerability
  • Extreme Networks ExtremeWare XOS Privilege Escalation Vulnerability
Buffer Overflows: a buffer overflow is an anomalous condition that occurs when a program does not adequately check input for appropriate length. During a buffer overflow an adversary writes data beyond the boundaries of a fixed-length buffer. As a result, arbitrary code can be introduced and executed with the privileges of the running program. This may result in a memory exception, program termination, or privilege escalation: remote access (R2L) if the adversary does not have local access, or super-user access (L2Su) if the adversary already has local access.
  • Microsoft Buffer Overrun In RPC Interface (Could Allow Code Execution)
  • Microsoft HyperTerminal Buffer Overflow Vulnerability
  • Microsoft Internet Information Services Remote Buffer Overflow (SYSTEM Level Access)
  • Microsoft DNS RPC Buffer Overflow
  • Microsoft Windows RPCSS malformed DCOM message buffer overflow vulnerabilities
  • UNIX/Linux Buffer overflow vulnerability in xine-lib
  • Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
  • SSH Daemon and RSAREF2 Library Buffer Overflow Vulnerabilities
  • IBM AIX 'errpt' Local Buffer Overflow Vulnerability
  • IBM AIX Multiple Utility Buffer Overflow and Insecure Permissions Vulnerabilities
  • Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability
  • Cisco IOS NHRP Remote Buffer Overflow Vulnerability
  • Juniper JUNOS OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability
  • Juniper JUNOS OpenSSL ASCII Representation Of Integers Buffer Overflow Vulnerability
Race Conditions: a race condition is a flaw in a program or process that exists in the window after the program or process has entered a privileged mode and before it has given that privileged mode up. An adversary who times an attack to fall inside that window can compromise the program or process while it is still in its privileged state. Common race conditions include signal handling and core-file manipulation. The most common security vulnerability caused by a race condition is the time-of-check-to-time-of-use (TOCTOU) bug.
  • Microsoft Unicast Service Race Condition Vulnerability
  • Microsoft DCOM RPC Race Condition
  • Microsoft RPCSS Multi-thread Race Condition Vulnerability
  • Microsoft Windows 2000 and XP RPC race condition
  • Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability
  • Unix Shell Redirection Race Condition Vulnerability
  • Linux ptrace race condition vulnerability (allows a local attacker to gain root privileges)
  • RedHat Linux diskcheck Race Condition Vulnerability
  • IBM AIX rm_mlcache_file Local Race Condition
  • AIX acledit & aclput Race Condition Vulnerability
  • Cisco Adaptive Security Appliance Failover Bug
File and Directory Permissions: file and directory permissions control the access of specific users and processes to files and directories. Appropriate access controls are critical to the security of any system. Misconfigurations might allow adversaries to gain access to sensitive data or to add network devices to the trusted network.
  • Microsoft Windows NT SAM permission Vulnerability
  • Microsoft Windows XP insecure file permissions
  • Microsoft Windows Broker FTP Directory Permissions Vulnerability
  • Sendmail Group Permissions Vulnerability
  • Multiple vulnerabilities in Ingres Database for Linux
  • Mac OS X Systemic Insecure File Permissions
  • IBM AIX HACMP (topsvcs and grpsvcs) world writable directory/file vulnerabilities
  • IBM AIX Multiple Vulnerabilities
  • Multiple Vulnerabilities in Cisco Secure Desktop
Symbolic Links: a symbolic link (symlink or soft link) is a file that contains a reference to another file or directory. Programs that open files by name follow such links to wherever they point; if such a program runs with super-user privileges, an adversary can create symlinks to manipulate it into modifying critical system files.
  • KDE KDM Session Type Symbolic Link Vulnerability
  • RedHat dhcp Symbolic Link Vulnerability
  • IBM AIX alog, swcons, and cfgcon symbolic link vulnerability
  • Samba Insecure TMP file Symbolic Link Vulnerability
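As an added example (not code from the original post) covering both the time-of-check-to-time-of-use race described under Race Conditions and the symlink misdirection described here: a program that opens an output file by name, beside the hardened form that creates the file exclusively, refuses to follow a link, and verifies the open descriptor instead of re-checking the path. The throw-away directory, the `victim` and `spool` names and the `victim_clobbered` harness are constructed for the demonstration and are assumptions, not anything from the page.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fopen("w") follows a symlink and truncates its target. */
static int naive_write(const char *path, const char *msg) {
    FILE *f = fopen(path, "w");
    if (!f) return 0;
    fputs(msg, f);
    fclose(f);
    return 1;
}

/* Hardened pattern: O_EXCL fails if any entry (symlink included) already
 * exists, O_NOFOLLOW refuses a link at the final component, and fstat on the
 * open fd replaces a second path lookup, so there is no check-to-use window. */
static int hardened_write(const char *path, const char *msg) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return 0;                       /* EEXIST or ELOOP: fail closed */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return 0;
    }
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n == (ssize_t)strlen(msg);
}

/* Constructed lab harness: "victim" stands in for a protected system file,
 * "spool" is the name the program intends to write, and spool -> victim is
 * planted first. Returns 1 if the writer clobbered victim, 0 if it survived. */
static int victim_clobbered(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/symlinkdemo.XXXXXX", victim[64], spool[64], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(spool, sizeof spool, "%s/spool", dir);
    FILE *v = fopen(victim, "w");
    if (!v || fputs("original\n", v) < 0 || fclose(v) != 0) return -1;
    if (symlink(victim, spool) != 0) return -1;   /* the planted link */
    writer(spool, "overwritten\n");
    if ((v = fopen(victim, "r"))) { if (!fgets(buf, sizeof buf, v)) buf[0] = 0; fclose(v); }
    unlink(spool); unlink(victim); rmdir(dir);
    return strcmp(buf, "original\n") != 0;
}
```

The same fail-closed result applies when the planted entry is a hard link or a pre-existing regular file, since O_EXCL rejects any existing entry rather than only symlinks.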
Malware: malware is software designed to infiltrate or damage a system without the user's consent. Malware includes viruses, worms, Trojans, rootkits, spyware, and other malicious and unwanted software. Once access is obtained, malware can be employed to plant a backdoor or a key logger on the system, allowing unauthorized access to sensitive information at any time.
