{"id":9375,"date":"2021-12-22T13:29:14","date_gmt":"2021-12-22T12:29:14","guid":{"rendered":"https:\/\/www.nfir.nl\/infrastructure-pentesting\/"},"modified":"2024-08-19T15:34:51","modified_gmt":"2024-08-19T13:34:51","slug":"infrastructure-pentesting","status":"publish","type":"page","link":"https:\/\/www.nfir.nl\/en\/pentesten-security-audits-to-test-your-digital-resilience-2\/infrastructure-pentesting\/","title":{"rendered":"Infrastructure Pentesting"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Infrastructure Pentesting<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Pentests are crucial for risk management, regulatory compliance and data protection.<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tNeem contact op<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"NFIR\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"NFIR\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Infrastructure Pentesting<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Pentests are crucial for risk management, regulatory compliance and data protection.<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Infrastructure pen testing is performed for companies that want to check the functionality, security and safety of their IT infrastructure. We provide an honest and realistic status overview of your environment. The scope of our pen tests is always determined together with the client. That means we can perform our services in any environment: internal, external or in the cloud!<\/b><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Web\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tWhat we can pentest for you<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Scope examples<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The following environments can be included during an infrastructure<\/strong> pen test<\/strong>: External, Internal or Cloud IT infrastructures. Testing laptops, PCs, smartphones or testing the available Wi-Fi on site is also among the possibilities. Want insight into the security of any of the above environments? Or do you have another issue you want answered? <\/span>Then get in touch!<\/a><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What attack scenarios are possible for infrastructure pen testing?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The most common attack scenario for an IT infrastructure is a combination of Black and Grey Box. An illustrative example is provided below for both attack scenarios. During an intake the wishes will be mapped out in order to choose a suitable scenario.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\"Black<\/figure>

Black Box of the external IT infrastructure<\/h3>

With minimal information, a picture will be formed of vulnerabilities in the publicly available IT infrastructure. By means of open source research (OSINT) as much information as possible will be collected to discover vulnerabilities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\"Grey<\/figure>

Grey Box of internal IT infrastructure<\/h3>

Testing the internal infrastructure is at least as important as the external environment. This scenario simulates what a malicious hacker or malware might do if it gains access to the internal network through, for example, a phishing or social engineering attack. Which vulnerabilities are present and is it possible to increase the privileges to administrator rights?<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Pentestbox during internal infrastructure pentesting<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A large proportion of attacks on businesses start with hacked computers or employee accounts that are in the familiar office environment. Sometimes an employee accidentally installs something or his or her account is compromised. In addition, servers may be attacked on-site. To test what might happen if this scenario occurs, it is necessary to place a computer within the network. Previously, NFIR’s ethical hackers would physically come to your office location for this, today this is also done remotely with a pen test box. <\/p>\n

Learn more about the pentest box-><\/a><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What clients have to say<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t

Pen tests<\/h3>\n
Among other things, NFIR assisted VWS in pen testing the various digital assets being developed as part of the pandemic response. CoronaMelder, for example. This was carried out satisfactorily and in pleasant partnership. The results were also shared with the House of Representatives.<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\"Home\"\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\tRon Roozendaal<\/span>CISO
Ministry of Health, Welfare and Sport<\/span><\/cite>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t

Digital Forensics & Pentesting<\/h3>\n
When an incident occurred, we were looking for a partner who could conduct digital forensics for us and advise us on how to proceed. We ended up with NFIR. The expertise and thoughtfulness made us also have our Pentests performed by NFIR. We welcome NFIR's approach to this and their advice to help us make and keep our digital environments more secure.<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\"Home\"\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\tAndr\u00e9 Poot<\/span>ICT & Education Policy Advisor
Willem van Oranje Onderwijsgroep<\/span><\/cite>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t

Security Monitoring & Pentesting <\/h3>\n
Countering cybercrime is obviously not something you can do alone. That is why we partnered with cyber security specialist NFIR. We started a very meaningful pentest. We now purchase almost all security services from NFIR to our great satisfaction. We recently launched Security Monitoring. It gives a sense of security because there is a structured, proactive and broad look at our systems. We cannot gather this knowledge and experience ourselves. It also keeps us on our toes, as the service provides insights we don't think of ourselves. With NFIR as a partner, we remain at the forefront.<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\"Home\"\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\tRob Hordijk<\/span>Operations Manager
Royal Hordijk<\/span><\/cite>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t<\/path><\/svg>\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Infrastructure pentest methodology<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

NFIR uses the Penetration Testing Execution Standard (PTES) for pen testing IT infrastructures. This methodology gives you the assurance that the pen test is performed to the correct standards and completely. We find it important to be as transparent as possible about the execution of the pen test. For this reason, we offer a checklist for various pen testing standards which is added to the report. This allows you to see which checks have been carried out, which could not be carried out and which, if any, were not applicable.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
<\/div>\n\t\t\t\t
<\/div>\n\t\t\t<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\tSample infrastructure pen testing report\t\t\t\t\t<\/h2>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

A sample report (NL\/EN) of a black box infrastructure pen test is available.
In this report, a pen test was performed on a fictitious environment, whereby vulnerabilities were made transparent.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\n\t\t\t\t\t\tRequest a sample report of an infrastructure pen test here\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\tPentest\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t
\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t

Pen tests<\/h3>\n\t\t\t<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Please leave your information so a professional can call you back as soon as possible.<\/h5>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\n\t\t
\n\t\t\t