fbpx
Select Page

AUTOMATED EXTERNAL INFRASTRUCTURE PENETRATION TESTING 

WHAT IS AUTOMATED EXTERNAL INFRASTRUCTURE PENETRATION TESTING?

 

Evolve orchestrates scalable penetration testing environments specifically for the type of penetration test you want to perform. You choose the level of protection and intensity that is right for your business needs with event-driven or daily, weekly and even monthly periodic penetration testing.

The Evolve “Automated External Infrastructure Penetration Testing” solution helps organizations minimize the time to detect and verify critical risks and security weaknesses. A powerful combination of automated reconnaissance and active attacks with intelligent and safe exploitation against your publicly accessible infrastructure, means security teams gain regular insights into prioritized internet-based risks to ensure their time is dedicated to effectively reducing real business risks.

Evolve orchestrates on-demand penetration testing environments in real-time that are designed to perform context-based attacks against your organization, helping you identify the most critical threats and risks. Security teams can efficiently and effectively reduce risk through automated reconnaissance results, system and software fingerprinting, real-time exploit and malware searches, with automated attacks and exploitation.

Running regular automated and repeatable penetration tests help you stay on top of the latest attack techniques and manage critical risks that impact your business throughout the year. Verify remediation actions immediately to ensure their effectiveness and identify other avenues of attacks.

Register your free Evolve account now 

 

EVOLVE MARKETPLACE

Automated External Infrastructure Penetration Testing is available in the Evolve Marketplace. Simply import this automation workflow into your Evolve Account with flexible monthly subscriptions to maximize your security budgets MORE

GET STARTED

Our Getting Started Guide will step you through importing and launching your first Automated External Infrastructure Penetration Test. Enhance your specialist security capabilities now MORE

FEATURES

Employee Social Media Reconnaissance

Email Reconnaissance and Verification

Online Compromised Account Reconnaissance

Offline Compromised Account Reconnaissance

Darknet and Reputation Reconnaissance

IP and DNS Reconnaissance

Cyber Threat Intelligence Reconnaissance

Exposed Port and Service Identification

Software Version Identification

Software Vulnerability Identification

Vulnerability Scanning

Public and Commercial Exploit Identification

Active Malware Exploitation Identification

Evolve Automated Exploit Configuration

Evolve Automated Exploitation

Automated Vulnerability Risk Prioritization

Automated Firewall Hole Identification

Automated Administrative Services Identification

FLEXIBLE SUBSCRIPTION PRICING

 

Evolve enables you to maximize your security budget by providing flexible monthly subscriptions with no lock in contracts. Simply import the Automated External Infrastructure Penetration Testing capability from the Evolve Marketplace to begin your subscription.

 

US$1,500 per month with no lock in contract

OPTIMISE YOUR COSTS WITH USAGE-BASED BILLING

IMPORT USAGE

Importing workflows and modules from the Evolve Marketplace has once-off usage charges per import to orchestrate your new capabilities

SECURITY ZONE USAGE

Evolve transparently optimizes usage charges related to the scaling of Security Zone infrastructure and storage in real-time

WORKFLOW USAGE

Evolve Workflow usage occurs when launching new workflows to orchestrate and chain your security automation modules and data

MODULE USAGE

Evolve Modules are stored and executed on-demand and in real-time that incur usage. Optimize usage by reduced module executions

SERVICE USAGE

Evolve Service usage occurs upon scheduled or on-demand service execution. Minimize usage by reducing service calls

CONTAINER USAGE

When storing and transferring data within Evolve Containers, usage charges can be optimized by compressing or expiring data

DASHBOARD USAGE

Generating and storing Evolve Dashboards incur usage to enable populating chart data from within Evolve Containers

EVENT USAGE

Evolve Event usage enables you to keep track of all of the security automation actions and events within your accounts

FREQUENTLY ASKED QUESTIONS

WHAT IS AUTOMATED EXTERNAL INFRASTRUCTURE PENETRATION TESTING?

Evolve Automated External Infrastructure Penetration Testing will automatically collect and generate intelligence about your organisation, employees and systems that can be used by attackers to compromise your organisation. This includes identifying your most exposed employees, leaked usernames and passwords, compromised systems, suspicious dark web communications, unknown domains, systems and geographic locations.

This continues into the active testing phase that includes exposed system and software fingerprinting, real-time exploit and malware identification, automated vulnerability identification and attacks, followed by intelligent and automated exploit configuration and exploitation.

The combined results of these phases are then used to automatically prioritize the vulnerabilities that are most at risk of being exploited to ensure that your security team dedicates their time to remediating real risks to your business.

HOW DO I GET STARTED?

The first step is to register for an Evolve Account. You will then have access to the Evolve Marketplace where you can subscribe to the Automated External Infrastructure Penetration Testing solution. Simply import this automation workflow into your Evolve Account.

You can follow the Getting Started Guide to then schedule your first Automated External Infrastructure Penetration Test workflow instance. The results will automatically be displayed in the corresponding Evolve Dashboard. 

IS THE AUTOMATED EXPLOITATION FEATURE SAFE?

Evolve Automated External Infrastructure Penetration Testing is designed to automatically identify in real-time the latest available exploits on the internet for the vulnerabilities that have been identified on your systems.

These exploits are then automatically analyzed to identify if the exploit is known to trigger a Denial of Service condition, in which case you will be notified of the exploit and the execution will be skipped.

On top of this, exploits are automatically classified to determine their maturity and quality level to ensure that only exploits classified as safe are launched against your systems.

Other contextual information about your environment is also used to configure the exploits in the best possible way using the information available.

GETTING STARTED WITH
AUTOMATED EXTERNAL INFRASTRUCTURE PENETRATION TESTING

STEP 1: REGISTER AN EVOLVE ACCOUNT

Congratulations for deciding to mature and streamline your security capabilities and maximize your security budgets. Your first step is to simply Register an Evolve Account using the Register button on the Evolve website.

STEP 2: LOGIN TO YOUR EVOLVE ACCOUNT

Now that you have an Evolve Account, login using the Sign-In button on the Evolve website. This will take you to the Evolve welcome screen.
 

STEP 3: SETUP YOUR EVOLVE BILLING

Evolve subscriptions and usage-based bills are charged via credit card. You can setup your payment method via the Billing feature located under your Profile Menu towards the top right-hand corner of your Evolve Account. Select the “Add Payment Method” button that will load the Evolve Secure Payment Gateway page where you can add your credit card details.

As part of our fraud-prevention controls, your credit card will be charged a nominal amount that you need to enter to verify your credit card before it can be used for payments. Your Evolve Account is now setup and you are ready to mature your security.
  

STEP 4: SELECT YOUR EVOLVE REGION

Evolve is a specialist security automation cloud, which means that it has globally distributed infrastructure enabling geographic security controls allowing you to keep your data and processing within the geographical regions aligned to your business needs. You can select your Evolve Region in the top right-hand corner of your Evolve Account. Any actions you take will occur within your selected Evolve Region.
  

STEP 5: IMPORT WORKFLOW FROM THE EVOLVE MARKETPLACE

The Automated External Infrastructure Penetration Testing workflow is available in the Evolve Marketplace, which you can navigate to under the Marketplace side-menu. Whilst in the Evolve Marketplace, you can locate this workflow by either selecting the “Penetration Testing” category and browsing through the available workflows, or by searching for the keyword “external”.

By clicking on the Automated External Infrastructure Penetration Testing workflow marketplace item, you can review the overview of the workflow, as well as usage and subscription pricing information. Click the Import button and simply step through the import steps, where you will then be redirected to the Imports page. You may need to use the Reload button to see your newly imported workflow.

Once the import status changes from “Pending” to “Available”, you have successfully subscribed to this security automation workflow and added this specialist security capability to your business.
  

STEP 6: IMPORT EXPLOIT SERVER FROM THE EVOLVE MARKETPLACE

The Evolve Automated Exploitation Module natively integrates with the Metasploit Exploit Framework to provide you with intelligent automated exploit selection, configuration and exploitation in order to verify the exploitability of your vulnerabilities and automatically prioritise them to maximise the effectiveness of your security operations.

The Evolve Metasploit Server is available as a free subscription in the Evolve Marketplace, which you can navigate to under the Marketplace side-menu. Whilst in the Evolve Marketplace, search for the keyword “metasploit”.

By clicking on the Metasploit Server workflow marketplace item, you can review the overview of the workflow, as well as usage information. Click the Import button and simply step through the import steps, where you will then be redirected to the Imports page. You may need to use the Reload button to see your newly imported workflow.

Once the import status changes from “Pending” to “Available”, you have successfully imported this security automation workflow and added an automated exploitation capability to your security team.
  

STEP 7: LAUNCH AN EVOLVE NAT GATEWAY

Evolve NAT Gateways allow your Evolve workflows to originate from a dedicated static public IP address. This is important when executing Evolve Automated External Infrastructure Penetration Testing so that you can identify that these attacks are originating from your Evolve Account rather than real-world attackers.

Select the Security Zones side menu and select the Gateways menu item. Click the New Gateway button and select “NAT” as the Gateway Type. Set a useful name for your Gateway and click the Next button, which will take you to the Gateway Size page. For most use cases to execute Automated External Infrastructure Penetration Testing workflows, a Micro Gateway should be sufficient. For larger organizations with more internet-accessible hosts or multiple Evolve workflows running in parallel, a Medium Security Zone may want to be considered or workflows be split across separate NAT Gateways. Click the Next button once your Size has been selected.

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Evolve NAT Gateway with the configurations specified and will take around five minutes.

You should wait for the NAT Gateway state to change from “Pending” to “Available” before moving onto the next step. You can use the “Reload” button to view your Evolve NAT Gateway static IP address.
  

STEP 8: LAUNCH YOUR SECURITY ZONES

Evolve Security Zones are isolated environments that provide scalable compute and storage to execute your Evolve Workflows. Security Zones can be launched in different configurations for different purposes.

We are going to launch the following two types of Security Zones:

  • Scalable Security Zone with NAT Gateway, which provides transparent scalability for the Automated External Infrastructure Penetration Testing workflow and a static outbound IP address to track the source of your attacks
  • Non-Scalable Security Zone, which provides our Metasploit Server with a static IP address allowing inbound connections for successful exploits to connect back to

We will first launch the Scalable Security Zone with NAT Gateway.

Select the Security Zones side menu item and click the New Security Zone button. Set a useful name for your Security Zone, such as “External_Penetration_Testing_Security_Zone”, and click the Next button, which will take you to the Security Zone Size page. For most use cases to execute Automated External Infrastructure Penetration Testing workflows, a Large Security Zone should be sufficient. For larger organizations with more internet-accessible hosts, an Extra-Large Security Zone may want to be considered or IP ranges should be split into separate penetration tests. Click the Next button once your Size has been selected.

The Configuration page allows you to specify the settings of your Security Zone:

  • The Volume Size is the size of your Security Zone cluster nodes’ disks used to temporarily store your module data during processing. The default size should be sufficient for Automated External Infrastructure Penetration Testing.
  • The Scalable setting configures the Security Zone to automatically scale up as the number of modules to be executed in parallel increases, whilst also automatically scaling down to nothing whilst the Security Zone is not being used in order to natively optimize usage charges. The Scalable setting should be selected for Automated External Infrastructure Penetration Testing.
  • The NAT Gateway should be set to our NAT Gateway that we previously launched, which means that the Security Zone nodes will pass all of their traffic through the Evolve NAT Gateway to utilize a static public IP addresses.
  • The VPN Gateway can be left as blank since this workflow does not need to access your organization’s internal systems.

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Security Zone with the configurations specified and will take around five minutes.

We will now launch the Non-Scalable Security Zone.

Click the New Security Zone button and set a useful name for your Security Zone, such as “Exploitation_Security_Zone”, and click the Next button, which will take you to the Security Zone Size page. For most use cases to execute the Evolve Metasploit Server module, a Medium Security Zone should be sufficient. For larger organizations with more internet-accessible hosts, a Large Security Zone may want to be considered or IP ranges should be split into separate penetration tests. Click the Next button once your Size has been selected.

The Configuration page allows you to specify the settings of your Security Zone:

  • The default Volume Size should be sufficient for the Evolve Metasploit Server.
  • The Scalable setting should be unchecked so that we get an inbound static IP address. It should be noted that Non-Scalable Security Zones remain running at all times. In order to optimize costs, you can delete your Metasploit Server and Non-Scalable Security Zone. You will need to orchestrate these again before your next Automated External Infrastructure Penetration Test and you will receive a different public IP address.
  • The NAT Gateway can be left as blank since a Non-Scalable Security Zone is assigned its own static public IP address.
  • The VPN Gateway can be left as blank since this workflow does not need to access your organization’s internal systems.

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Security Zone with the configurations specified and will take around five minutes.

You should wait for the Security Zones’ states to change from “Pending” to “Available” before moving onto the next step.

  

STEP 9: LAUNCH YOUR EXPLOITATION SERVER

Evolve has the concept of “Workflows” and “Workflow Instances”. You have imported the Metasploit Server Workflow, which can be thought of as your exploitation security capability. You now need to launch an instance of this Metasploit Server. This is referred to as an Evolve Infrastructure Module that runs all the time.

Select the Workflows side menu item to list your available workflows. You will find a series of buttons alongside your Metasploit Server Workflow where you will need to click the button called “Create Instance”. Set a useful name for your workflow instance and click the Next button, which will take you to the Parameters page where you provide your Metasploit Server orchestration details.

Enter the following information within the parameters:

  • The Evolve Agent can be left blank, which instructs Evolve to automatically create a new Evolve Agent and install it within your orchestrated Metasploit Infrastructure Module.
  • Set the three ports to be 443, 80 and 53. These are common outbound ports open by organizations to the internet that our exploits will automatically use.

Click the Next button to go to the Configuration page where you select the location where your Metasploit Server module will be launched. You should select your Exploitation Security Zone that you created previously. Leave the Agent and Agent Device not selected since we do not want this Metasploit Server outside of Evolve at this stage. This can be done by more advanced users to remotely orchestrate security infrastructure outside of Evolve.

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Metasploit Server module instance, within your Exploitation Security Zone. The new Evolve Metasploit Agent will begin polling Evolve for exploits to be run.

  

STEP 10: LAUNCH A WORKFLOW INSTANCE

You have imported the Automated External Infrastructure Penetration Test Workflow, which can be thought of as your security team’s penetration testing security capability. You now need to launch a Workflow Instance to be executed with details for your external systems.

Select the Workflows side menu item to list your available workflows. You will find a series of buttons alongside your Automated External Infrastructure Penetration Test Workflow where you will need to click the button called “Create Instance”. Set a useful name for your workflow instance and click the Next button, which will take you to the Parameters page where you provide your organization and system details.

Enter the following information within the parameters to include within the scope of the Automated External Infrastructure Penetration Test:

  • Hosts to include and exclude as a comma separated list of your IP addresses and CIDR ranges. The included systems will undergo active attacks.
  • Domains to include and exclude as a comma separated list. Domains are used for automated reconnaissance purposes and are not actively attacked.
  • A single organization name to include. The best name to use is the one in your LinkedIn company profile.
  • A useful name for your Evolve Dashboard to display the results
  • Select the date and time to schedule your first Automated External Infrastructure Penetration Test, which will automatically be repeated monthly.

Click the Next button to go to the Configuration page where you select the default location for modules will be executed. You should select the External Penetration Test Security Zone that you created for this workflow. Leave the Agent and Agent Device not selected since we do not want this workflow to run via an Evolve Agent.

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Automated External Infrastructure Penetration Test workflow instance, including all Module Instances and Containers, using the configurations that you specified for your organization.

Your workflow will be automatically launched by Evolve on the specified date and time, and relaunched every month to ensure you stay up to date with the latest threats to your organization.
  

STEP 11: REVIEW YOUR EVOLVE DASHBOARD

A typical Automated External Infrastructure Penetration Test workflow can run from around eight hours to around three days depending upon the number of email addresses, systems, services and exploits gathered for the target organization. Detailed automation activities can be viewed via the Events page that can be accessed via the Events side menu item.

A quick access menu for every Evolve Dashboard can be found under the Automation side menu. You may find that you need to refresh your web browser page for your new dashboards to appear in this list.

Select your Evolve Automated External Infrastructure Penetration Test Dashboard to view the results of your penetration test. Any spinning charts indicate that those components of the workflow are still running.

Review this dashboard on a monthly basis to gain insights into the latest threats and intelligence about your organization’s security posture.

More advanced users may also want to be notified when your penetration test is complete by importing the Evolve SlackBot from the Evolve Marketplace and chaining it off your Results Output Container for real-time ChatOps notifications.

FEATURED VIDEOS

Getting Started with Evolve Automated Compromised Account Monitoring
Visit the Evolve Solution page for more information, features, pricing, FAQs and the Getting Started Guide MORE
Getting Started with Evolve Automated External Infrastructure Penetration Testing
Visit the Evolve Solution page for more information, features, pricing, FAQs and the Getting Started Guide MORE

Getting Started with Evolve Automated Internal Infrastructure Penetration Testing
Visit the Evolve Solution page for more information, features, pricing, FAQs and the Getting Started Guide MORE

SECURITY BUDGET
OPTIMISATION WITH EVOLVE

Facebook Twitter LinkedIn Youtube

Facebook Twitter LinkedIn Youtube

© Threat Intelligence Pty Ltd | info@threatintelligence.com | 1300 809 437
Register Account | Terms of Use | Privacy Policy

© Threat Intelligence Pty Ltd | info@threatintelligence.com | 1300 809 437 | Register Account | Terms of Use | Privacy Policy