Penetration Test

Founded by information security experts who worked for many years at TÜBİTAK National Electronics and Cryptology Research Institute (UEKAE), BTYÖN aims to provide you with the best service for your pentest needs.

Know your vulnerabilities

If your car or your wallet is stolen, you will notice it; if your information is stolen, detecting it is far more difficult, complex and costly. In many sectors we encounter events such as information loss, service interruptions and even reputational damage caused by external hackers or disgruntled personnel. BTYÖN offers proactive approaches to prevent your organization from encountering such undesirable events.

The studies to be carried out within the scope of pentest will enable you to determine what risks your organization carries, both from the outside world and within the organization. BTYÖN offers pentest services with information security experts with more than 10 years of experience to determine your organization's vulnerabilities and risks related to information technologies.

Pentest work provides input to your ISO 27001, PCI-DSS, COBIT, ISO 22301, ITIL, GDPR and legal compliance studies.

The scope of the pentest is determined entirely according to the needs of the organization by its IT, risk or information security manager together with BTYÖN information security experts. Depending on the products and services offered by your organization, sensitive data sources, application servers, network communication infrastructure, and security products and solutions are included in the scope of testing. Tests can be carried out separately from outside and from inside the organization. An offensive approach is followed to reveal the institution's information security vulnerabilities. The most frequently used techniques in this offensive approach are vulnerability scanning and pentesting.

In vulnerability scans, all systems within the scope given by the officials of the target institution are tested and their vulnerabilities are detected. The purpose is to detect and report security vulnerabilities in the institution's systems, and the scanning is usually carried out with automated tools. In pentest work, after vulnerabilities are detected they are exploited in a controlled manner and attempts are made to gain access to the systems, and from the systems reached, to other systems and databases. The quality of the pentest and how far it can carry an attack depend on the experience of the team performing it.

The following organizations and guidelines are used in creating the BTYÖN pentest report;

Analysis and Evaluation of Existing Security Controls

The aim of the information gathering phase, which is one of the first phases of pentesting, is to collect as much information about the target system as possible. The information gathering phase can be done with two different methods: active information collection and passive information collection.

Passive information collection during a pentest uses publicly available internet sources without sending any queries to the target systems. Platforms that can be used include:
- Archive sites
- Search engines (Google, Bing, Yahoo etc.)
- Social networks (Twitter, Facebook, LinkedIn, Pipl etc.)
- Blogs and discussion forums
- Career sites etc.
What kind of information is obtained, and how it can be used in the next steps, depends on the experience of the pentest team.
In active information collection, the target institution's systems are interacted with directly and information is collected from them through various queries. Attempts made with this method must be detectable at the log level by well-structured systems. Some of the information that can be obtained:
- DNS records (A, MX, NS etc.)
- DNS server version information
- Subdomain names
- E-mail platform information
- Banner information etc.
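The paragraph above says active collection must be visible in the logs; the following added example (not from the original page) shows what that detection can look like for the DNS items listed, run over constructed BIND9-style query-log lines. It flags the three patterns a defender would watch for: CHAOS-class version probes, zone transfer (AXFR) requests from unexpected clients, and many distinct subdomain names queried by one client in a short window. The log lines, IP addresses, zone name and thresholds are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed BIND9-style query-log lines (sample data, not real traffic): 203.0.113.7
# probes the server version, tries a zone transfer and walks subdomains; 198.51.100.9 is benign.
SAMPLE_LOG = """\
10-May-2024 09:00:01.120 client 203.0.113.7#51234 (version.bind): query: version.bind CH TXT + (192.0.2.53)
10-May-2024 09:00:02.001 client 203.0.113.7#51235 (example.com): query: example.com IN AXFR +T (192.0.2.53)
10-May-2024 09:00:02.500 client 203.0.113.7#51236 (mail.example.com): query: mail.example.com IN A + (192.0.2.53)
10-May-2024 09:00:02.600 client 203.0.113.7#51237 (vpn.example.com): query: vpn.example.com IN A + (192.0.2.53)
10-May-2024 09:00:02.700 client 203.0.113.7#51238 (dev.example.com): query: dev.example.com IN A + (192.0.2.53)
10-May-2024 09:00:02.800 client 203.0.113.7#51239 (test.example.com): query: test.example.com IN A + (192.0.2.53)
10-May-2024 09:00:03.000 client 203.0.113.7#51240 (git.example.com): query: git.example.com IN A + (192.0.2.53)
10-May-2024 09:05:00.000 client 198.51.100.9#40000 (www.example.com): query: www.example.com IN A + (192.0.2.53)
"""

# Tolerates the optional "@0x..." client handle that newer BIND versions print.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@0x[0-9a-f]+ )?(?P<ip>[\d.]+)#\d+ "
    r"\((?P<qname>[^)]*)\): query: \S+ (?P<cls>\S+) (?P<qtype>\S+)"
)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["t"] = datetime.strptime(d["ts"], "%d-%b-%Y %H:%M:%S.%f")
    d["qname"] = d["qname"].lower().rstrip(".")
    return d

def analyze(log_text, zone="example.com", window_s=60, threshold=5, allowed_axfr=()):
    """Return {client_ip: sorted reasons} for clients whose queries look like active reconnaissance."""
    findings = defaultdict(set)
    recent = defaultdict(deque)  # ip -> (time, qname) pairs inside the sliding window
    rows = [r for r in map(parse, log_text.splitlines()) if r]
    for r in sorted(rows, key=lambda r: r["t"]):
        ip, q = r["ip"], r["qname"]
        if r["qtype"] == "AXFR" and ip not in allowed_axfr:   # zone transfer from an unexpected client
            findings[ip].add("zone transfer attempt")
        if r["cls"] == "CH" and q == "version.bind":            # CHAOS-class server version query
            findings[ip].add("server version probe")
        if q.endswith("." + zone):                                # many distinct names in a short time
            win = recent[ip]
            win.append((r["t"], q))
            while (r["t"] - win[0][0]).total_seconds() > window_s:
                win.popleft()
            if len({n for _, n in win}) >= threshold:
                findings[ip].add("subdomain enumeration")
    return {ip: sorted(v) for ip, v in findings.items()}
```

Secondary name servers that legitimately pull zones belong in `allowed_axfr`; the enumeration threshold should be tuned against the zone's normal query volume before alerting on it.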

NETWORK MAPPING

The aim of this phase, carried out in the later stages of pentesting, is to determine the network infrastructure and network structure of the target system. Identifying open ports on target systems, the services running on them and their versions, and all security and network devices used by the institution supports the network mapping work.

While pentesting, one of the most important pieces of information for detecting vulnerabilities in target systems is the version information of the running services. Version information can also be found in the banner information returned by the requests made. In this phase, vulnerability detection is additionally carried out with automated vulnerability detection tools. Configuration errors, logical errors and vulnerabilities caused by a lack of security policy are detected in line with the experience of the pentest team.

This is the phase in which the vulnerabilities found are verified and access to the systems is obtained. Vulnerability information is researched on the platforms where the vulnerabilities are published, any available exploit codes/tools are identified and tried, and if there is enough time, the team writes its own vulnerability tools. This phase is very important in the pentest process, and the team must be experienced to carry it out fully. On systems where access is obtained, the system's user accounts are identified and attempts are made to obtain the passwords and password hashes of these accounts.

PRIVILEGE ESCALATION

Privileged user rights are not always obtained on systems accessed by exploiting a vulnerability during a pentest. In these cases, the privileges of an unprivileged user may be raised on systems where the necessary security patches have not been applied or which are incorrectly configured. Configuration commands containing passwords can also be found in the logs of incorrectly configured services and in console command histories.
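The last sentence above names a defender-side hygiene problem: passwords that end up in shell histories and service logs. As an added example (not from the original page), the following audit function scans constructed history and log lines, reports each line that carries a credential and returns it with the secret masked, so administrators can find and clean such leaks before a pentest or an attacker does. The sample lines, the patterns and the masking rule are assumptions and cover only a few common shapes.

```python
import re

# Constructed sample lines in the style of a shell history file and an application log.
SAMPLE_LINES = [
    "ls -la /var/www",
    "mysql -u admin -pS3cretPass! -h db.internal appdb",
    "export DB_PASSWORD=hunter2",
    "curl -u deploy:Tr0ub4dor https://ci.internal/api/jobs",
    "2024-05-10 09:12:44 INFO starting worker with config {'password': 'p@ss', 'host': 'db'}",
    "git status",
]

# Illustrative patterns; each captures the secret in a group named 'secret' and keeps the rest.
PATTERNS = [
    ("mysql -p flag", re.compile(r"(?<=\s)-p(?P<secret>[^\s]+)")),
    ("env assignment", re.compile(r"(?i)\b\w*(?:password|passwd|secret|token)\w*=(?P<secret>[^\s]+)")),
    ("curl -u user:pass", re.compile(r"(?<=-u )[^\s:]+:(?P<secret>[^\s]+)")),
    ("password in log", re.compile(r"(?i)['\"]password['\"]\s*:\s*['\"](?P<secret>[^'\"]+)['\"]")),
]

def mask(secret):
    """Keep the first character so the owner can recognise the value; hide the rest."""
    return secret[:1] + "*" * (len(secret) - 1) if secret else ""

def audit(lines):
    """Return (line_number, label, redacted_line) for every line that carries a credential."""
    findings = []
    for no, line in enumerate(lines, 1):
        for label, pat in PATTERNS:
            m = pat.search(line)
            if m:
                redacted = line[:m.start("secret")] + mask(m.group("secret")) + line[m.end("secret"):]
                findings.append((no, label, redacted))
                break  # one finding per line is enough for the report
    return findings
```

In practice the same scan is run over `~/.bash_history`, `~/.zsh_history` and the logs of services that echo their command line, and any password found is rotated rather than merely deleted from the file.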

During the pentest process, detailed research is required in the phase of moving into other systems. Devices that are on the same network, or connected to the same switching device, as the compromised systems must be identified. The passwords obtained are used in attempts to access the identified systems. Vulnerabilities in the new target systems are identified and exploitation attempts are made.

Infiltrating Other Networks

At this stage of the pentest, attempts are made to jump to other networks. The other systems with which the compromised systems interact are identified, and access to devices in other networks is attempted through various connection attempts.

In real attacks, attackers who gain access make changes to the system to maintain that access. Obtaining account information that may be important for the overall system can take days. Preserving access to the systems reached during the pentest is therefore important for the test to simulate a real attack.

On systems where access was gained and the investigations are complete, the traces left must be cleaned up: malware, backdoors, etc. placed on the system are identified and all tools must be removed. Since this phase is important for the security of the system after the pentest, every step taken during the pentest is recorded.

This phase is the most important for the customer institution; after all the work done, the pentest report reveals the security status of its systems. The report should be written in a descriptive and informative manner. The damage that each finding could cause in the system should be described clearly and convincingly. The solution suggestions and references provided to remediate the findings should be up to date. The report should be prepared so that the findings can be evaluated in different categories. Listing the tools used during the pentest is important for the customer institution's system administrators and employees to increase their own awareness. The pentest report should include a general security assessment of the customer institution together with improvement suggestions. More detailed information about how pentests are carried out is presented under the following headings.

Web applications are an institution's eyes opening onto the world, and they are also seen as a symbol of the institution's reputation in its sector and towards its customers. The aim of web application pentests is to determine whether attackers can reach corporate and customer information through the web applications over the internet.

Mobile applications, like web applications, are an institution's windows onto the world and are likewise a symbol of its reputation in its sector and towards its customers. The aim of mobile application pentests is to determine whether attackers can reach corporate and customer information through the institution's mobile applications.

External network pentesting can be performed with or without a defined scope. In a test carried out without a defined scope, using only information obtained from the outside world, the organization's interfaces facing the outside world are tested: generally web pages, application servers, network communication devices (routers and wireless access points), and security systems such as firewalls and intrusion detection systems. In scoped external network pentests, security tests are carried out on servers located in the external network within a given IP range. The attacker profile portrayed in this test is usually an anonymous user: an unauthorized user who can reach the institution's systems only as far as anyone else can. If the attacker can take over a machine exposed to the Internet and pivot from it, he can take over domain management in the corporate internal network, thereby manage all servers and clients, and access all of the organization's information. Tests in this area aim to reveal the security risks of the system by realizing the threats an attacker could pose from the external network.

In this pentest category, all components in the domain and the local network are tested. The attacker profiles portrayed are an outside attacker with physical access, a guest, an employee, an authorized employee, an unhappy employee, a curious employee and a malicious employee. These profiles can have very serious consequences for an institution's systems: an attacker on the organization's local network can take over domain management, thereby manage all servers and clients, and access all of the organization's information. Tests in this area aim to reveal the security risks of the system by realizing the threats an attacker could pose on the local network.

Wireless networks with security vulnerabilities can endanger the entire network. Misconfigured or incorrectly positioned wireless network devices in the corporate network pose a risk area for the corporation. In this category, threats that may be directed to the institution from outside the institution and through wireless networks within the institution are detected.

Many employees use a VPN to reach their employer's network easily from anywhere in the world. However, this should not create a permanent sense of security: a VPN is also a gateway for attackers. To protect the privacy a VPN offers, both employers and the employees who use the service need to understand how to keep this mechanism safe, and the first step in that process is a pentest. In these pentests the VPN type must first be determined, but regardless of the type the basic steps remain the same: first scanning open ports and fingerprinting, then using known vulnerabilities, then using existing user accounts. Pentests on these systems let you detect the vulnerabilities that threaten your security.

Social engineering pentests are a set of attack vectors that collect information from target institutions or individuals by exploiting human weaknesses such as susceptibility to influence, rapid persuasion and sudden decision-making. They are designed to exploit the biggest weakness of any system, and the one that cannot easily be prevented: people.

In this testing category, security tests of the domain, servers and clients in the local network are carried out. Many checks are carried out in this category, such as examining the security patches of servers and the use of weak or predictable passwords for services, systems and applications.

In this pentest category, various vulnerabilities are tested on the switches and routers through which an institution's network is managed. Some of these vulnerabilities arise from the firmware version used on the device, an out-of-date operating system, unnecessary services, and so on. One of the most common vulnerabilities here is the lack of secure configuration of the services in use. The tests in this category analyze the attacks that may come through network management devices and detect the risks that may arise.

Database servers are considered the most important servers for an organization. A vulnerability in the database servers or in an application that accesses the database can endanger all corporate and customer information. Database servers must be protected against all existing threats such as information disclosure and service disruption. The tests performed in this category are structured to detect threats to the database.

DDOS

DDoS tests are also known as distributed denial of service tests. The purpose of this test is to disrupt the accessibility of the target system. Distributed means that the attack is performed from many different sources to increase the bandwidth used in the attack. Tests where the same operations are attempted from a single point are called DoS.

In this context, the payment functions of the ATM devices and POS systems through which the institution carries out its field operations (cash deposit and withdrawal, EFT, etc.) are tested.

For more information

19 Mayıs Mah. İnönü Caddesi. Sümer Sokak. Zitaş Blokları.
C-1 Blok Daire:8 34736 Kadıköy İSTANBUL
0 (216) 380 00 70
© 2011-2024 BTYON. All right reserved.