Network pentesting imitates the bit part contribution of attacker who venture to get trajectory for internal network in the absence of any internal resources/knowledge and unaware of happenings inside the network. The MoxieHawk security engineer endeavour to glean all sensitive information via Open-Source Intelligence (OSINT) comprehending employee information, historical breached passwords and furthermore which could be violated against external system to acquire internal network access. Further, the engineer implement scanning and enumeration to recognize the potential vulnerability against exploitation, scanning potential host vulnerability. Including common and advanced internal network attacks such as LLMNR/NBT-NS poisoning, man- in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket and procure access to hosts via lateral movement, concession on domain user and admin accounts and ex-filtrate sensitive data.
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), OWASP Top 100 Scenerios, and customized testing frameworks.