What is a penetration test attack narrative?

If your report doesn’t have one, reach out to us and well explain why you need one.

Penetration testing is technical and many firms do not understand how to measure an organization’s true threat surface.

So what is an attack narrative and why does it matter. Anyone who has received a lacking penetration test report, or one that do not understand, you will want to know what an attack narrative is; because it’s exactly what you want.

A Penetration test is a goal-based exercise with the goal of obtaining “crown-jewels” or sensitive information of a particular type. This can be financial information, personal information, or some other information that would be useful or desirable to a hacker. Just as there are different types of “crown-jewels” there are different types of hackers that match. Some attackers are only in the market for personal information, while others are only after financial information. The common theme is an attacker wants access to the systems and information and will perform malicious acts to gain access to it. 

When a hacker is performing his initial steps (scanning, fingerprinting, enumeration) he will utilize a series of steps and different tools to match the technology (tech stack) that he is up against. These tools will pick and poke the systems and produce results the hackers can utilize for the multiple stages of the attack. understanding this information is critical because when you get a penetration test, you want more than just the results in a list, you want the actual methods and verbose steps that were involved with producing the findings so you can easily and efficiently remediate the discovered vulnerabilities.

Black Hat Pen-Test can scope and perform a custom penetration test to match your organization. Contact us today for a quote.