Penetration Testing Solution

Why Are We Different?

BeyazNet has made a huge progress in the field of information security and support for over 25 years. With experience and certification, we are known as pioneers in cybersecurity.

In areas where needed, necessary hardware and software are procured and our team receives continuous education and certification support for sself-improvement with new technologies and attack methods. The experience gained from successful projects conducted on numerous systems in various sectors is transferred to new personnel who are expanding continuously.

What is Penetration Testing (Pentest)?

Penetration Testing, also known as PenTest or Pentest, simulates the methods used by cyber attackers to infiltrate institutions. Penetration tests identify vulnerabilities by looking at systems from a hacker's perspective before any damage occurs. These findings are provided to the relevant system and software teams to address vulnerabilities and make the system more secure.

There are numerous methods that attackers can use, categorized under the Mitre Att@ck Framework. Penetration test experts try to identify vulnerabilities using these methods.

Learn more about What is Pentest on our relevant page.

Penetration Tests provide resilience against attacks by analyzing systems from an external perspective, which is essential for almost every institution. However, penetration tests cannot find logical errors in configurations, architectural vulnerabilities, and process and operation issues. Therefore, gap analysis and technical configuration analysis should be done with a focus on IT regulation. Our end-to-end Digital Maturity Assessment IT analysis service can be found on our relevant page

Why Should You Have a Penetration Test?

When illegal infiltration occurs in information systems, the damage it can the damage it can cause to institutions can be very high. Cyber attacks not only cause financial damage but also lead to loss of workforce and prestige.

Cybersecurity is possible. But it requires a multi-layered security architecture and perspective. Penetration testing is one of these layers. Those who develop software or systems may overlook some precautions, or new attack methods may be developed over time, leading to unwanted new vulnerabilities in systems. For example, vulnerabilities such as Log4J, Blaster, MC17, Shellshock became apparent years after the applications were released and posed serious risks to many institutions. While critical vulnerabilities like these are heard in the market and quickly corrected, many vulnerabilities may go unnoticed. Keeping systems continuously up to date is important for cybersecurity. However, in order to find vulnerabilities in a software, an examination should be conducted with a hacker's perspective. Methodologies created for this purpose have been standardized and are offered as a service. It is important to note that the service is not a one-time process, and periodic penetration tests are necessary for continuous security. It is mandatory for many sectors such as finance, universities, defense industry to have this service at certain intervals.

General objectives of Penetration Test can be listed as follows:

• Reveal existing risks and threats in the institution's network and systems
• Provide an alternative perspective by looking at it from a hacker's point of view
• Test and audit the effectiveness of the organization's security policies, and dcontrols,
• Conduct an in-depth internal and external vulnerability and exposure scan,
• Supply usable data to audit teams collecting data for compliance with standards,
• Support security audits by offering comprehensive and detailed analyses of the organization's security capacity,
• Evaluate the efficiency of network security devices such as firewalls, routers, and web servers,
• Present a comprehensive plan identifying actions to prevent future attack, intrusion, and exploitation attempts,
• Determine whether the current software-hardware or network infrastructure requires modification or version upgrade,
• Meet the requirements of audit and certification institutions.

Our Reporting Systematic

Our reports,which include findings and solutions, are meticulously prepared to comply with regulations (EPDK, BDDK,etc.) and international authorities (OWASP, NIST, ISSAF, PCI-DSS, PTES, etc.).

Penetration test reportssensitive information that could pose risks to organizations. Our company has an encrypted report delivery infrastructure to ensure the secure transmission of reports. Thus, report access and files are always encrypted. The report link is sent via email, and passwords are sent via SMS. All reports are deleted after a certain period of verification tests. No files are kept on the computers of penetration test experts, unless for active projects they are working on. Since the reports are not stored with us, they should be carefully maintained by the organization who owns them.

Our Penetration Testing Accreditations

Our Company's Certificate Portfolio

• TSE Approved A Penetration Testing Company
• Cyber Cluster Member
• NATO Facility Security Certified Company
• Quality Certificates (ISO 27001, ISO 9001, ISO 22302, ISO 20000-1)

Certified Expert Staff

Our company is a pioneer in cybersecurity and has received technical and reliability accreditation from many institutions.

• CISSP Certified Information Systems Security Professional
• CEH Pratical Certified Ethical Hacker
• CEH Master Certified Ethical Hacker
• LPT Licensed Penetration Tester
• OSCP Offensive Security Certified Prof.
• eLearnSecurity Web Application Penetration Tester
• TSE Senior Penetration Testing Expert
• Comptia +
• 27001 Lead Auditor

Diverse Experience in Different Environments

Our company has successfully completed projects in hundreds of organizations with different infrastructures and disciplines in penetration testing.

• Two large companies with over 10,000 employes
• Universities
• Defense Industry Companies
• Metropolitan Municipalities
• District Municipalities
• Dozens of Private Sector Companies

References for penetration testing services are shared with permission from our clients due to confidentiality.

Custom attack scenarios for the organization and application

Penetration tests require a perspective from a real hacker's point of view. Automated scanning software only finds standard vulnerabilities. Most critical vulnerabilities can be discovered with detailed analysis specific to the application. Our team, well-versed in software operation logic, conducts application-specific tests using various manual methods and scenarios to identify real vulnerabilities.

• Development of case scenarios for open services
• Changing web token, cookie, rest, soap codes
• Interception
• Manual Detailed Scanning
• Different scanning techniques for Network/Web/Software/Mobile applications
• Deep knowledge of Software/JS/HTML
• Scenarios for becoming "Domain Admin" from inside and outside

More accurate and more findings

Security vulnerability analysis softwares examine whether there is a vulnerability based on the version of the service/software it reviews and the response it receives. However, testing whether this vulnerability really exists is dangerous. Manual checks are required to verify whether vulnerabilities are real. If not, many penetration test reports contain erroneous findings. These incorrect findings are called "False Positives." In our penetration tests, findings from different software and different team members are individually checked, and only real vulnerabilities are reported. The success of a penetration test is measured by its ability to find vulnerabilities to the maximum extent possible. Until now, our team has identified numerous vulnerabilities that have not been detected in years of tests in many organizations and reported them.

Different scanning techniques

Not all vulnerabilities in applications can be easily detected. Different methods should be applied for detailed studies. Especially, staged attacks research, finding vulnerabilities, dropping files, jumping to other servers, privilege are techniques used by hackers. Our company strives to detect vulnerabilities, to the best of experts’ abilities, by using different softwares, methods, and techniques in penetration tests.

• Full implementation of the Cyber Kill Chain technique
• MITM, LLMNR, Cyber Kill Chain attacks Development of scenarios for open services
• For services open to outside special scenario development
• Changing web token, cookie, rest, soap codes
• Interception
• Different scanning techniques for Network/Web/Software/Mobile applications

Custom reporting software of BeyazNet

A separate software is used for reporting in penetration test reports for OWASP-compliant and understandable reporting. This software reduces the time to write the report, prevents missing parts in the report, and brings a standard to the report.

Licensed Software

Hundreds of different applications are used for analysis, technology, and application in penetration testing. Most of these applications are collected in the Kali Linux system. Our company, like many other companies, uses the Kali Linux system; however, it has also purchased many software to increase the speed and quality of penetration testing and to perform manual tests more thoroughly.
Some of the software we use:

• Nessus
• Netsparker
• Acunetix
• Burp Suite
• Fortify
• FortiDB
• FortiTester
• Solar AppScreener

What is Cyber Kill Chain?

According to Lockheed Martin Company, a sophisticated attack consists of the following stages:

• Reconnaissance (Finding vulnerabilities)
• Weaponization (Preparing tools and software for penetration)
• Delivery (Sending or installing prepared software and malicious files into the system)
• Exploitation (Installing applications that exploit vulnerabilities)
• Installation (Installing applications that allow access to other systems)
• Command and control,c2 (Taking control; making systems accessible)
• Actions on objectives (Action; performing activities according to the attack target)

We have been able to reach the highest authorized level, the "Domain Admin" role, in many organizations by conducting tests from the outside in a phased manner, simulating the actions of a real attacker.

Strong report security infrastructure and systematics

Our reports, which include findings and solutions, are meticulously prepared to comply with regulations (EPDK, BDDK etc.) and international authorities (OWASP, NIST, ISSAF, PCI-DSS, PTES, etc.).

Internet-Based Penetration Testing

Internet-based penetration testing is a test that continues with the discovery of IP, port, and domains of the relevant target or the attack form over the specified target, using techniques such as Google Dork, Offensive (Attacker) OSINT, Open Port, and service identification. Critical services, applications, or files may be left open to the public on the internet, and attackers can collect information and expand the attack surface using active and passive information gathering techniques.

Local Network and System Penetration Testing

Many organizations neglect local network security because it is thought that an attacker cannot gain access to the local network. Since the attack surface is very broad in information technology infrastructure, it is extremely difficult to fully protect the infrastructure from a vulnerability. An insecure local network can lead to theft of sensitive data, service denial, or unauthorized access.

In local network security testing, the actions of a real attacker are simulated exploiting system vulnerabilities. The security of all network components such as server systems, switches, routers, firewalls, which may exist in the organization's infrastructure, should be tested.

In local network security tests conducted by BeyazNet, weaknesses that can be used to compromise the confidentiality, integrity, and accessibility (CIA Triad) of the IT infrastructure are examined, potential effects are investigated, and the findings detected in the organization are ranked according to their security levels. A detailed vulnerability description, the effects it will have on the local network, screenshots, solution suggestions and reference links are reported.

Active Directory Penetration Test:

The Active Directory Test begins with a user account with standard permissions in the AD environment. The goal is to discover Active Directory vulnerabilities overlooked by system administrators, including misconfigurations and insufficient improvement procedures, primarily related to the general structure of AD. The objective of the Active Directory test is to gain access to the most authorized user known as the Domain Admin.

Web Application and Server Penetration Test:

In the Web Security and Server Test, after identifying domains and subdomains, penetration tests are conducted according to the OWASP TOP 10 standard. Discovered vulnerabilities are reported in compliance with OWASP and NIST. The web application test is divided into three categories: White Box, Gray Box and Black Box. Tests are performed with authorized and unauthorized user profiles while examining access to databases and servers to create attack scenarios for gaining access to databases and servers through web applications, escalating privileges, and establishing persistence

Mobile Application Penetration Test:

Mobile applications play a significant role in the software world, interacting with a large ecosystem involving mobile devices, network infrastructures, servers and devices in data centers. So, mobile applications present a multifaceted attack surface. Using the OWASP Mobile Top 10 as a reference, static and dynamic tests are performed to identify vulnerabilities in both the mobile infrastructure and background services.

Social Engineering Tests:

Social Engineering Tests involve calling employees within a prespecified scenario or sending phishing emails to expose individuals' confidential information. By obtaining critical data, attackers horizontally advance, increasing the scope of acquired information, such as email usernames or passwords and domain environment details.

Database Penetration Test:

The Database Test evaluates both externally and internally accessible databases. Tests are divided into two categories; testing services running on the server and verifying the correct configuration of the database. Steps within the test include the discovery of services and ports, checking for update deficiencies, and identifying simple password policies.

Wireless Network Penetration Test:

Wireless networks are widely used in various areas today, including restaurants, cafes, public institutions, technology parks, and buses, to name a few examples. Consequently, the failure to secure wireless networks has become an easy entry point for attackers into both corporate and private networks. Attackers actively search for vulnerabilities in the security of wireless networks and utilize various methods to launch attacks. When successful, these attacks can compromise the organization's network using the obtained information.

In wireless network tests, data on the network is collected and analyzed. Additionally, efforts are made to capture sensitive data, gain unauthorized access, and attempt to crack the passwords of wireless networks. Tests involve scanning the traffic of Captive portal, WPA Enterprise, and WPA2/WPA/WEP networks to determine their security status.

At BeyazNet, attacks are performed using the necessary equipment to assess the security of wireless networks. Following the attack, a comprehensive vulnerability report is compiled, detailing the impact on the organization, screenshots, recommended solutions, and reference links.

DDoS Test:

Distributed Denial of Service (DDoS) aims to render targeted applications, organizations, or services unavailable by flooding them with fake traffic from various sources.

Symptoms of a DDoS Attack:

To detect a DDoS attack, it is essential to analyse the traffic over a period ranging from a slight performance deficiency to a complete breakdown of the affected website, depending on the type of attack. Knowing the most common indicators that a website is affected by a DDoS attack is the main aspect for every web administrator.

Some attack indicators include:

• Slow network performance.
• Loss of website accessibility.
• Rapid increase in spam email count.
• Internet connection problems.

Targets of DDoS by Layers:

• Application Layer: The goal of this layer's attack is to consume the resources of the service.
• Protocol Layer: The attacker reduces the capacity of the server's existing status table by attacking this layer.
• Volumetric Layer: Attacks at this layer aim to create congestion by utilizing all bandwidth between the attacker's website and the internet.

SCADA/ICS Vulnerability Analysis and Penetration Test:

Supervisory Control and Data Acquisition (SCADA) is an industrial control system used to monitor and control critical machines, as well as industrial and infrastructurre processes.

SCADA systems often use outdated operating systems, making them susceptible to various vulnerabilities. Nowadays, companies are connecting SCADA network segments to the internet, increasing the possibility of existing vulnerabilities. Due to the prevention of disrupting operations, SCADA systems are often not patched, thus creating vulnerabilities that attackers can easily exploit.

After an EKS/SCADA penetration test, the organization gains:

• Comprehensive insights into the risks associated with EKS/SCADA systems.
• A report indicating that EKS/SCADA systems are not defenseless against attackers.
• A detailed report outlining the security issues of EKS/SCADA systems, including screenshots and solution recommendations.