Select Page

AUTOMATED INTERNAL INFRASTRUCTURE PENETRATION TESTING 

WHAT IS AUTOMATED INTERNAL INFRASTRUCTURE PENETRATION TESTING?

 

Evolve orchestrates scalable penetration testing environments specifically for the type of penetration test you want to perform. You choose the level of protection and intensity that is right for your business needs with event-driven or daily, weekly and even monthly periodic penetration testing.

The Evolve “Automated Internal Infrastructure Penetration Testing” solution helps organizations orchestrate on-demand penetration testing environments. This means you can run an internal penetration test in any location across corporate networks within on-premise data centres and public clouds, including AWS and Azure.

Minimize the time it takes to detect and verify critical internal risks and security weaknesses. A powerful combination of automated reconnaissance and active attacks with intelligent and safe exploitation across your internal infrastructure, means security teams can automatically detect, verify and prioritize your internal risks to ensure that your organization can dedicate your time to effectively reducing real business risks.

Evolve orchestrates on-demand penetration testing environments in real-time that are designed to perform context-based attacks against your internal networks and systems to identify your critical threats and risks. Security teams can efficiently and effectively reduce risk through automated integration of automated reconnaissance results, system and software fingerprinting, real-time exploit and malware searches, with automated attacks and exploitation.

Running regular automated and repeatable internal penetration tests help you stay on top of the latest attack techniques and manage critical risks throughout the year. Verify remediation actions immediately to ensure their effectiveness and identify other avenues of attacks.

Register your free Evolve account now 

 

EVOLVE MARKETPLACE

Automated Internal Infrastructure Penetration Testing is available in the Evolve Marketplace. Simply import this automation workflow into your Evolve Account with flexible monthly subscriptions to maximize your security budgets MORE

GET STARTED

Our Getting Started Guide will step you through importing and launching your first Automated Internal Infrastructure Penetration Test. Enhance your specialist security capabilities now MORE

FEATURES

Employee Social Media Reconnaissance

Email Reconnaissance and Verification

Online Compromised Account Reconnaissance

Offline Compromised Account Reconnaissance

Darknet and Reputation Reconnaissance

IP and DNS Reconnaissance

Cyber Threat Intelligence Reconnaissance

Exposed Port and Service Identification

Software Version Identification

Software Vulnerability Identification

Vulnerability Scanning

Public and Commercial Exploit Identification

Active Malware Exploitation Identification

Evolve Automated Exploit Configuration

Evolve Automated Exploitation

Automated Vulnerability Risk Prioritization

Automated Firewall Hole Identification

Automated Administrative Services Identification

FLEXIBLE SUBSCRIPTION PRICING

 

Evolve enables you to maximize your security budget by providing flexible monthly subscriptions with no lock in contracts. Simply import the Automated Internal Infrastructure Penetration Testing capability from the Evolve Marketplace to begin your subscription.

 

US$1,500 per month with no lock in contract

OPTIMISE YOUR COSTS WITH USAGE-BASED BILLING

IMPORT USAGE

Importing workflows and modules from the Evolve Marketplace has once-off usage charges per import to orchestrate your new capabilities

SECURITY ZONE USAGE

Evolve transparently optimizes usage charges related to the scaling of Security Zone infrastructure and storage in real-time

WORKFLOW USAGE

Evolve Workflow usage occurs when launching new workflows to orchestrate and chain your security automation modules and data

MODULE USAGE

Evolve Modules are stored and executed on-demand and in real-time that incur usage. Optimize usage by reduced module executions

SERVICE USAGE

Evolve Service usage occurs upon scheduled or on-demand service execution. Minimize usage by reducing service calls

CONTAINER USAGE

When storing and transferring data within Evolve Containers, usage charges can be optimized by compressing or expiring data

DASHBOARD USAGE

Generating and storing Evolve Dashboards incur usage to enable populating chart data from within Evolve Containers

EVENT USAGE

Evolve Event usage enables you to keep track of all of the security automation actions and events within your accounts

FREQUENTLY ASKED QUESTIONS

WHAT IS AUTOMATED INTERNAL INFRASTRUCTURE PENETRATION TESTING?

The first phase of the Evolve Automated Internal Infrastructure Penetration Testing includes automatically collecting and generating intelligence about your organisation, employees and systems that can be used by attackers to compromise your organisation. This includes identifying your most exposed employees, leaked usernames and passwords, compromised systems, suspicious dark web communications, unknown domains, systems and geographic locations.

The next phase is the Active Testing phase that includes internal system and software fingerprinting, real-time exploit and malware identification, automated internal vulnerability identification and attacks, followed by intelligent and automated exploit configuration and exploitation designed to compromise your internal systems, whether they are on-premise or hosted in a cloud.

The combined results of these phases are then used to automatically verify and prioritize your internal vulnerabilities to reveal those that are most at risk of being exploited to ensure that your internal teams dedicate their time to remediating real risks to your business.

HOW DO I GET STARTED?

The first step is to register for an Evolve Account. You will then have access to the Evolve Marketplace where you can subscribe to the Automated Internal Infrastructure Penetration Testing solution. Simply import this automation workflow into your Evolve Account.

You can follow the Getting Started Guide to then schedule your first Automated Internal Infrastructure Penetration Test workflow instance. The results will automatically be displayed in the corresponding Evolve Dashboard. 

IS THE AUTOMATED EXPLOITATION FEATURE SAFE?

Evolve Automated Internal Infrastructure Penetration Testing is designed to automatically identify in real-time the latest available exploits on the internet for the vulnerabilities that have been identified on your systems.

These exploits are then automatically analyzed to identify if the exploit is known to trigger a Denial of Service condition, in which case you will be notified of the exploit and the execution will be skipped.

On top of this, exploits are automatically classified to determine their maturity and quality level to ensure that only exploits classified as safe are launched against your systems.

Other contextual information about your environment is also used to configure the exploits in the best possible way using the information available.

HOW DOES EVOLVE ACCESS INTERNAL SYSTEMS?

Evolve provides enterprise-grade security controls allowing you to orchestrate on-demand Evolve VPN Gateways to enable secure and isolated remote access to your internal systems via the Evolve VPN Client. All you need is an Ubuntu machine with the easy to install Evolve VPN Client, and you are ready to start.

Evolve places security as our highest priority. As a result, Evolve transparently delivers the “Evolve Global Certificate Authority”. This implements an extensive and private “4-Tier Certificate Authority Heirarchy” for segregated encryption and authorization. This is designed at the core of Evolve to deliver Global Trust, Regional Trust, Customer Trust, and Product Trust so that your data remains secure no matter where it is located.

The Evolve VPN Gateways and Clients natively integrate with the Evolve Global Certificate Authority for authentication and encryption to help ensure that connections to your internal environments remain secure and private.

Evolve Security Zones take this security even further providing native isolated environments with dedicated compute and storage restricted to your Evolve Account. Evolve Security Zones can be configured to use the Evolve VPN Gateway to securely and transparently perform Automated Internal Infrastructure Penetration Testing against your internal networks and systems.

GETTING STARTED WITH
AUTOMATED INTERNAL INFRASTRUCTURE PENETRATION TESTING

STEP 1: REGISTER AN EVOLVE ACCOUNT

Congratulations for deciding to mature and streamline your security capabilities and maximize your security budgets. Your first step is to simply Register an Evolve Account using the Register button on the Evolve website.

STEP 2: LOGIN TO YOUR EVOLVE ACCOUNT

Now that you have an Evolve Account, login using the Sign-In button on the Evolve website. This will take you to the Evolve welcome screen.
 

STEP 3: SETUP YOUR EVOLVE BILLING

Evolve subscriptions and usage-based bills are charged via credit card. You can setup your payment method via the Billing feature located under your Profile Menu towards the top right-hand corner of your Evolve Account. Select the “Add Payment Method” button that will load the Evolve Secure Payment Gateway page where you can add your credit card details.

As part of our fraud-prevention controls, your credit card will be charged a nominal amount that you need to enter to verify your credit card before it can be used for payments. Your Evolve Account is now setup and you are ready to mature your security.
  

STEP 4: SELECT YOUR EVOLVE REGION

Evolve is a specialist security automation cloud, which means that it has globally distributed infrastructure enabling geographic security controls allowing you to keep your data and processing within the geographical regions aligned to your business needs. You can select your Evolve Region in the top right-hand corner of your Evolve Account. Any actions you take will occur within your selected Evolve Region.
  

STEP 5: IMPORT WORKFLOW FROM THE EVOLVE MARKETPLACE

The Automated Internal Infrastructure Penetration Testing workflow is available in the Evolve Marketplace, which you can navigate to under the Marketplace side-menu. Whilst in the Evolve Marketplace, you can locate this workflow by either selecting the “Penetration Testing” category and browsing through the available workflows, or by searching for the keyword “internal”.

By clicking on the Automated Internal Infrastructure Penetration Testing workflow marketplace item, you can review the overview of the workflow, as well as usage and subscription pricing information. Click the Import button and simply step through the import steps, where you will then be redirected to the Imports page. You may need to use the Reload button to see your newly imported workflow.

Once the import status changes from “Pending” to “Available”, you have successfully subscribed to this security automation workflow and added this specialist security capability to your business.
  

STEP 6: CREATE AN EVOLVE VPN CERTIFICATE

Evolve VPN Gateways allow your Evolve workflows to securely access your internal networks and systems, whether they are on-premise or in the cloud. The Evolve VPN Gateway natively integrates with the “Evolve Global Certificate Authority” to generate trusted “Evolve VPN Certificates” for secure authentication and encryption.

Select the Credentials side menu and select the Certificates menu item. Click the New Certificate button, set a useful name for your Certificate and click the Next button, which will take you to the Review page. 

Click the Create button to automatically generate a new VPN Certificate using the “Evolve Global Certificate Authority”. You can now use this certificate when launching an Evolve VPN Gateway.

  

STEP 7: LAUNCH AN EVOLVE VPN GATEWAY

Select the Security Zones side menu and select the Gateways menu item. Click the New Gateway button and select “VPN” as the Gateway Type. Set a useful name for your Gateway and click the Next button, which will take you to the Gateway Size page. For most use cases to execute Automated Internal Infrastructure Penetration Testing workflows, a Micro Gateway should be sufficient. For larger organizations with more internal hosts or multiple Evolve workflows running in parallel, a Medium Security Zone may want to be considered. Click the Next button once your Size has been selected.

Select your Evolve VPN Certificate that you want to use with your Evolve VPN Gateway. Enter your internal IP ranges as a comma separated list of IP addresses or CIDR ranges. You should be as fine-grained as you can to avoid conflicting internal IP ranges used by your Evolve Security Zones (10.1.0.0/16) and Evolve VPN Tunnel (172.16.100.0/24).

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Evolve VPN Gateway with the configurations specified and your selected Evolve VPN Certificate. This will take around five minutes.

You should wait for the VPN Gateway state to change from “Pending” to “Available” before moving onto the next step. You can use the “Reload” button to select and view your Evolve VPN Gateway details.
  

STEP 8: SETUP YOUR EVOLVE VPN CLIENT

Now that you have your Evolve VPN Gateway in place, you can setup your Evolve VPN Client on your internal network. This will connect back to the Evolve VPN Gateway automatically using your Evolve VPN Certificate for trusted authentication and encryption. The Evolve VPN Client can either connect directly or over your authenticated proxy to fit in with your security architecture.

Your first step is to setup an Ubuntu machine on your internal network, which should have access to the systems that you want to undergo internal penetration testing. This machine should have access to the internet, either directly or configured with the required proxy details, so that the required Linux packages can be installed automatically.

From within the Evolve Console, select the Security Zones side menu and select the Gateways menu item to list your available Evolve Gateways. You will find a series of buttons alongside your VPN Gateway where you will need to click the button called “Download”. This will download a ZIP file containing the Evolve VPN Client installer and your corresponding Evolve VPN Client Certificates. Copy this ZIP file to your Ubuntu machine and unzip the contents.

Open a Terminal and change to the directory where you extracted the Evolve VPN Client Installer. You may need to set the installer to be executable by running the command “chmod 750 install.sh“. You can now view the installer options by running “sudo ./install.sh -h“, as shown below:

  • -r : Running the installer
  • -i : Proxy IP address to use
  • -p : Proxy port to use
  • -a : Proxy authentication types to use (basic, ntlm)
  • -u : Proxy username (including Windows Domain)
  • -p : Proxy password

If you don’t use a proxy then you can simply run “sudo ./install.sh -r“. If you have a proxy with no authentication then you can run “sudo ./install.sh -r -i {proxyip} -p {proxyport}“. If you have a proxy that requires authentication, then you can run “sudo ./install.sh -r -i {proxyip} -p {proxyport} -a {authtype} -u {proxyuser} -p {proxypass}“.

This will automatically install all of your dependencies, configure your Evolve VPN Client, set it to start on boot, and automatically connect to your Evolve VPN Gateway. To check your connection you can run the command “sudo systemctl status openvpn@evolve.service” that should show that the VPN client is running and connected.

You are now ready to setup your Security Zone to use your Evolve VPN Gateway.
  

STEP 9: LAUNCH YOUR SECURITY ZONE

Evolve Security Zones are isolated environments that provide scalable compute and storage to execute your Evolve Workflows. Security Zones can be launched in different configurations for different purposes.

We are going to launch the following type of Security Zone:

  • Scalable Security Zone with VPN Gateway, which provides an isolated environment with transparent scalability for the Automated Internal Infrastructure Penetration Testing workflow with routes to your internal systems through your Evolve VPN Gateway

Select the Security Zones side menu item and click the New Security Zone button. Set a useful name for your Security Zone, such as “Internal_Penetration_Testing_Security_Zone”, and click the Next button, which will take you to the Security Zone Size page. For most use cases to execute Automated Internal Infrastructure Penetration Testing workflows, a Large Security Zone should be sufficient. For larger organizations with more hosts, an Extra-Large Security Zone may want to be considered and IP ranges should be split into separate penetration tests. Click the Next button once your Size has been selected.

The Configuration page allows you to specify the settings of your Security Zone:

  • The Volume Size is the size of your Security Zone cluster nodes’ disks used to temporarily store your module data during processing. The default size should be sufficient for Automated Internal Infrastructure Penetration Testing.
  • The Scalable setting configures the Security Zone to automatically scale up as the number of modules to be executed in parallel increases, whilst also automatically scaling down to nothing whilst the Security Zone is not being used in order to natively optimize usage charges. The Scalable setting should be selected for Automated Internal Infrastructure Penetration Testing.
  • The NAT Gateway can be left as blank unless you specifically want any traffic destined for the internet to originate from a static public IP address, in which case you can select an Evolve NAT Gateway if you have previously set one up. This should not be required for our use case.
  • The VPN Gateway should be set to your VPN Gateway that you previously launched, which means that the Security Zone nodes will pass all of their traffic destined for your internal IP ranges through the Evolve VPN Gateway to access your internal networks and systems.

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Security Zone with the configurations specified and will take around five minutes.

You should wait for the Security Zone state to change from “Pending” to “Available” before moving onto the next step.

  

STEP 10: LAUNCH A WORKFLOW INSTANCE

You have imported the Automated Internal Infrastructure Penetration Test Workflow, which can be thought of as your security team’s internal penetration testing security capability. You now need to launch a Workflow Instance to be executed with details for your internal systems.

Select the Workflows side menu item to list your available workflows. You will find a series of buttons alongside your Automated Internal Infrastructure Penetration Test Workflow where you will need to click the button called “Create Instance”. Set a useful name for your workflow instance and click the Next button, which will take you to the Parameters page where you provide your organization and system details.

Enter the following information within the parameters to include within the scope of the Automated Internal Infrastructure Penetration Test:

  • Internal hosts to include and exclude as a comma separated list of your IP addresses and CIDR ranges. The included systems will undergo active attacks.
  • Domains to include and exclude as a comma separated list. Domains are used for automated reconnaissance purposes and are not actively attacked.
  • A single organization name to include. The best name to use is the one in your LinkedIn company profile.
  • A useful name for your Evolve Dashboard to display the results
  • Select the date and time to schedule your first Automated Internal Infrastructure Penetration Test, which will automatically be repeated monthly.

Click the Next button to go to the Configuration page where you select the default location for modules will be executed. You should select the Internal Penetration Test Security Zone that you created for this workflow. Leave the Agent and Agent Device not selected since we do not want this workflow to run via an Evolve Agent.

Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Automated Internal Infrastructure Penetration Test workflow instance, including all Module Instances and Containers, using the configurations that you specified for your organization.

Your workflow will be automatically launched by Evolve on the specified date and time, and relaunched every month to ensure you stay up to date with the latest internal priority risks within your organization.
  

STEP 11: REVIEW YOUR EVOLVE DASHBOARD

A typical Automated Internal Infrastructure Penetration Test workflow can run from around eight hours and up to a week, depending upon the number of email addresses, systems, services and exploits gathered for the target organization. Detailed automation activities can be viewed via the Events page that can be accessed via the Events side menu item.

A quick access menu for every Evolve Dashboard can be found under the Automation side menu. You may find that you need to refresh your web browser page for your new dashboards to appear in this list.

Select your Evolve Automated Internal Infrastructure Penetration Test Dashboard to view the results of your penetration test. Any spinning charts indicate that those components of the workflow are still running.

Review this dashboard on a monthly basis to gain insights into the latest threats and intelligence about your organization’s security posture.

More advanced users may also want to be notified when your penetration test is complete by importing the Evolve SlackBot from the Evolve Marketplace and chaining it off your Results Output Container for real-time ChatOps notifications.

FEATURED VIDEOS

Getting Started with Evolve Automated Compromised Account Monitoring
Visit the Evolve Solution page for more information, features, pricing, FAQs and the Getting Started Guide MORE
Getting Started with Evolve Automated External Infrastructure Penetration Testing
Visit the Evolve Solution page for more information, features, pricing, FAQs and the Getting Started Guide MORE

Getting Started with Evolve Automated Internal Infrastructure Penetration Testing
Visit the Evolve Solution page for more information, features, pricing, FAQs and the Getting Started Guide MORE

SECURITY BUDGET
OPTIMISATION WITH EVOLVE

Facebook Twitter LinkedIn Youtube

Facebook Twitter LinkedIn Youtube

© Threat Intelligence Pty Ltd | info@threatintelligence.com | 1300 809 437 | Register Account | Terms & Conditions | Privacy Policy

© Threat Intelligence Pty Ltd | info@threatintelligence.com | 1300 809 437 | Register Account | Terms & Conditions | Privacy Policy