4 things a Black Hat Pen-Test will show you

A Black Hat Pen-Test will show you if a hacker can break into your organization, but does it fall short? The answer is: it depends on who is doing the Black Hat Pen-Test and how they do it.

Methodology is important in pen-testing: it shows you how the pen-test firm will conduct the penetration test and what the report will look like. Many organizations receive a lacking report and go searching for another pen-test firm for next year. Let’s talk about what I mean by a lack of findings. In a Black Hat Pen-Test, we have many options; I’ll mention a few below:

  • You provide URLs for a web app or API – no credentials
  • You provide nothing – we will perform discovery and OSINT to determine targets
  • You provide a company name, we do the rest

A Black Hat Pen-Test is great for determining your external exposure and the defenses you have against an external hacker. However, a Black Hat Pen-Test will not show you critical vulnerabilities hiding inside systems and networks if the hacker cannot get a foothold inside. When it comes to penetration testing, there is a variety of exercises that will produce different results. You can use these exercises to determine ways to strengthen your security posture; each pen-test style will identify different pathways that a hacker could take when targeting your organization.

A Black Hat Pen-Test will show you these 4 things:

  1. The mindset of the hacker
  2. Tools the hacker used to perform research and the results of the research (OSINT)
  3. Targets that the hacker was able to discover and how he created an attack narrative around them. (Attack Path/Attack Narrative)
  4. Results of the engagement (findings)