Security Assessments

CAaNES security assessments are based on proven and patent-pending methodologies and are the most comprehensive in the industry. Our experts use proprietary tools and redundant benchmark assessment methodologies to ensure cross-validation, uniformity of process and consistency of results.

Our assessments are divided into three major categories: internal, external and remote assessment. We cover the operations, processes and technologies associated with directly defending against interruption, interception, modification, and fabrication directed at an enterprise’s network, information systems and operations.

To ensure a complete security posture assessment, our process includes analysis and review of policies, information systems, network peripherals, information security devices (firewalls, intrusion prevention and detection systems), remote access services, wireless access points, printers, back-up systems, log management systems, voice over IP systems, disaster recovery techniques and physical security.

The figure below illustrates our assessment and penetration testing process.

Step 1 – Reconnaissance
In this phase, exploration is conducted to gain information about, or access to, a network by enumerating IP addresses using lookup databases, search engines, blogs and social networking sites, and by enumerating the services exposed to the Internet through active and passive fingerprinting. A few semi-automated techniques include persuasion and/or deception of employees through email or similar technologies, and phone calls.
Step 2 – Scanning and System Access
In this phase we attempt to gain access to information or to a network. Scanning typically involves identifying addressable devices connected to an organization’s network, the network services operating on the devices discovered, the operating systems installed on them, and the applications running on them. The result of a scan is a comprehensive list of all active hosts, services, open ports, operating systems, and applications operating in the address space scanned. In this phase, the services, applications, and operating systems of scanned hosts are compared against vulnerability databases to identify exploitable vulnerabilities (network, system, and application).
Step 3 – Penetration Testing
CAaNES’ penetration testing mimics an attacker with adversarial intent to gain unauthorized access to client information, financial records, intellectual property, and sensitive portions of the enterprise’s network, from the perspective of a trusted user and of an adversary from inside, remote, and outside. Upon initial penetration, we exploit internal trust relationships between systems in an effort to perform possible secondary exploits. This is all done in a red teaming environment in an effort to provide an adversarial perspective and identify your information infrastructure’s weakest links, or “low-hanging fruit”, that might be visible to your employees, service providers, competitors, adversaries, and hackers. CAaNES’ intelligent penetration test (IPT) provides in-depth and comprehensive testing of information systems (desktops and servers), network peripherals (routers, switches, and gateways), information security devices (firewalls and intrusion detection and prevention systems), and web applications (authentication systems and databases) by intelligently launching interruption, interception, modification, and fabrication attacks with minimal disruption to the client’s enterprise operations. IPT uses industry best practices for performing penetration testing in order to ensure cross-validation, uniformity of processes, and consistency of results.

IPT automates common hacker attack technique (CHAT) for performing penetration testing through a multistage process.

IPT provides real-time testing capabilities against core information assurance building blocks (Network, Client, and Application). IPT’s attack modules consist of payloads that belong to one or more of the four major attack taxonomies (interruption, interception, modification, and fabrication). Testing is divided into three major categories: internal, external and remote testing.

Network Penetration Test: replicates the actions of an attacker with adversarial intent to gain unauthorized access to portions of the enterprise’s network, i.e., any device that has a network address or is accessible to any other device, from the perspective of a trusted user and of an adversary from inside, remote and outside.

Client Penetration Test: replicates the actions of an attacker with adversarial intent who uses persuasion and/or deception to gain access to, or information about, information systems.

Application Penetration Test: replicates the actions of an attacker to gain unauthorized access and/or a greater level of access to web applications, e-commerce, ERP, and databases. The main goal of this test is to gain unauthorized access through privilege escalation using SQL injection, code injection, remote file inclusion, and cross-site scripting.

Step 4 – Assessment and Penetration Testing Report
CAaNES uses Enterprise Vulnerability Exploration Network Technology (EVENT) to generate reports from multiple industry-best scanners and proprietary techniques. EVENT is a comprehensive technology designed to provide a faster and easier way to assess network vulnerabilities, exploit the vulnerabilities assessed, and generate a detailed report together with the remediation of the vulnerabilities and the detailed procedures to patch the exploited vulnerabilities. Our unique idea is that just one click of a button should initiate the complete process without any user intervention in the middle. The reports are self-explanatory and make it very easy to manage assessment results, prioritize risks, and design a proactive security program.

The EVENT tool uses a correlation engine to correlate the consolidated reports from all the scanners used against DShield’s top 10 reports (targets, source attack ports, and destination attack ports) to determine the intent of the attack (targeted or global trend).

About DShield: Source [http://en.wikipedia.org/wiki/Dshield] DShield is a community-based collaborative firewall log correlation system. It receives logs from volunteers worldwide and uses them to analyze attack trends. Analysis provided by DShield has been used in the early detection of several worms, like "Ramen", Code Red, "Leaves", "SQL Snake" and more. DShield data is regularly used by researchers to analyze attack patterns.

The goal of the DShield project is to allow access to its correlated information to the public to raise awareness and provide accurate and current snapshots of internet attacks. Several data feeds are provided to users to either include in their own web sites or to use as an aid to analyze events.
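
A minimal sketch of the kind of correlation described above, added here as an illustration and not CAaNES's EVENT code: it merges findings from two scanners and checks each exposed port against a top-10 destination-port list. The scanner records, the port list and the function names are constructed for the example, and matching on destination port alone is an assumption.

```python
from collections import defaultdict

# Constructed sample findings (host, port, service) from two hypothetical
# scanners; the addresses come from the documentation range 192.0.2.0/24.
SCANNER_A = [
    ("192.0.2.10", 22, "ssh"),
    ("192.0.2.10", 445, "microsoft-ds"),
    ("192.0.2.20", 8443, "https-alt"),
]
SCANNER_B = [
    ("192.0.2.10", 445, "smb"),
    ("192.0.2.20", 23, "telnet"),
    ("192.0.2.20", 8443, "https-alt"),
]

# Constructed stand-in for a "top 10 destination attack ports" list, ordered
# by rank. A real run would load the current list from the feed.
TOP_DEST_PORTS = [23, 445, 22, 80, 3389, 443, 8080, 1433, 5900, 25]


def consolidate(*reports):
    """Merge scanner reports into {(host, port): set of scanner indexes}."""
    merged = defaultdict(set)
    for idx, report in enumerate(reports):
        for host, port, _service in report:
            merged[(host, port)].add(idx)
    return dict(merged)


def correlate(merged, top_ports):
    """Label every exposed port; globally trending ports sort first by rank."""
    rank = {port: i + 1 for i, port in enumerate(top_ports)}
    rows = []
    for (host, port), seen_by in merged.items():
        r = rank.get(port)
        rows.append({
            "host": host,
            "port": port,
            "scanners": len(seen_by),  # cross-validation: how many tools agree
            "trend_rank": r,
            "label": "global trend" if r else "outside top 10",
        })
    rows.sort(key=lambda x: (x["trend_rank"] is None, x["trend_rank"] or 0,
                             x["host"], x["port"]))
    return rows


if __name__ == "__main__":
    for row in correlate(consolidate(SCANNER_A, SCANNER_B), TOP_DEST_PORTS):
        print(row)
```

Exposed ports that also appear in the top-10 list are the ones most likely to see opportunistic, Internet-wide probing, so they are natural candidates for the top of a remediation list.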