How to perform an internal penetration test in the Covid-19 era
About Project
As we all know, Covid-19 has changed our personal and professional lives. In the penetration testing profession, the most obvious obstacle during the pandemic has been the internal penetration test. This type of assessment (as the name suggests) requires on-site presence at the client's premises in order to connect to their internal network and perform the tests. So how did we manage to perform the work and keep everyone safe?
Problems to be Addressed
01
02
03 Secure - Zero compromise on security
04 Scalable - Multiple users from different locations
Solution
The solution was found in the use of (you guessed it) technology! We used a MikroTik router which connects back to our offices via an EoIP over SSTP tunnel, giving any member of the team access to the client's network (full technical details in the publication roadwarrior). And this actually worked pretty seamlessly! It also gave us the advantage of being able to perform scanning overnight (if the client was okay with that), as well as a bigger timeframe to work on the project, because we did not have the commuting etc.
Diagram Overview
Results
We have tested the solution for a large global company as well as for smaller local ones. The clients were happy because they had their deadlines, and they really wanted the internal pentest to go ahead amid the pandemic. From our side it was also a very good experience, and it showed us that an internal pentest can be done remotely. This was a solution we were thinking about even before Covid, but when the convenience became a necessity, we made it a reality.
Limitations
The only limitation with this project was the reluctance of some clients (especially in the banking sector). In these cases we of course respected the client's decision, and we performed the penetration test at a later stage (after lockdowns were lifted).