Phases of intelligence-led penetration testing

Purpose of Intelligence-led penetration and its phases – 4 

An intelligence-led penetration testing can be defined as an assessment for a valuable addition of cyber threat intelligence in the approach to execution. In the last series of cyber talks by Varun Srivastava, he has explained phases of penetration testing that are threat intelligence oriented.

The threat intelligence penetration testing combines two services, the first is about threat intelligence input which provides up-to-date detailed insight and awareness of threat actors, attack vectors and other resources. On the other side, there is a penetration testing professional who is conducting technical assessments of network security and business risks.

Varun Srivastava addresses the three combined phases for an intelligence-led penetration testing approach –

Phase 1: This phase involves contextualized detailed understanding and reporting as to contemporary threats and threat actors that could impact your organization. In this phase, the analysts should be able to answer three questions – the threats that are likely to target and their capabilities, the business systems that are most attractive to external attackers and your current exposure to open source possibilities. The last question requires an evaluation of the company’s digital footprint.

An analyst should be able to investigate how easy it would be for an attacker to learn about your company, your network infrastructure, and processes by examining your social presence. All these include your company’s webpage, Twitter, LinkedIn, Facebook and other digital presence that you have. This stringent diligence can be augmented with an understanding of your risk management and compliance requirements.

Phase 2: In this phase, the analyst should perform the actual penetration test as per information gathered from phase one. This involves conducting exercises that are based upon the scenarios defined in phase one and will be connected in a realistic way as possible. So, each test will be perpetrated to a pre-agreed conclusion as achieving a pre-defined level of access in the organization or a specific data system. These exercises will include an assessment of relevant portions of the network architecture, technical implementation, capability in responding to attacks as well as people and processes responsible for security.

Phase 3: Having completed all the technical assessments of the network people and processes, analysts should present their outcomes in three key deliverables. The first deliverable has to be a threat intelligence report which provides a backdrop to the testing perform and gives situational awareness to the cyber threat, which your company may face. It also talks about the test report and the security improvement plan. At this stage, we understand that CTI provides very valuable information to penetration testing exercise and in turn, helps to enrich data that comes out of a traditional penetration testing report.

To sum up, on penetration testing, the webinar suggests few do’s and don’ts that are generally recommended for traditional penetration testing exercise. For example, if penetration testing is not done properly, it can cause a lot of damage. It could crash servers, expose sensitive data and corrupt crucial production data drives, etc. He asks the management to trust the penetration tester because every tester will have a different way of doing a test. Applying realistic test conditions is also significant, otherwise, the result will be misleading.

People often confuse a red team with a penetration testing exercise. “red teaming as the open scope and it is up to the tester to decide how to approach the test. It is also driven by a specific goal rather than a brief to find vulnerabilities”, finds Varun Srivastava.

The webinar concludes about the key takeaways for a penetration testing exercise. The companies must put in place appropriate organizational and technical measures to ensure that their data is sufficiently protected. Therefore, appropriate countermeasures should be considered by the organizations to protect both the data and adverse events focused on data breaches and either inadvertent errors among others, which will help to shape a proper pentest strategy and in turn protect your data. He closed the sessions inviting any questions which he will be glad to reply to.

EC-Council has been a leading cybersecurity credentialing body world-wide. EC-Council University being a concern of the larger EC-Council Group conducts ‘Cyber Talks’ on a weekly basis to benefit the cyber community at large. These webinars serve as potential input to cybersecurity enthusiasts who are willing to acquire new skills and grow in the industry. EC-Council as a credentialing body offers cybersecurity programs of different levels. EC-Council Certified Security Analyst (ECSA) is a comprehensive penetration testing program that is in continuation of the popular of all, C|EH. ECSA followed by ECSA (Practical) certifications entitles you to be a penetration tester having required knowledge and ready job skills to grab an opportunity you have been seeking.

EC-Council University conducts CyberTalks weekly by renowned cybersecurity experts who liberally come forward to share their knowledge and experience with other seeking aspirants. This article is an abstract from the CyberTalk series by speaker Varun Srivastava. Varun is based in UAE and has 12+ years of experience in cybersecurity. He currently heads cyber threat intelligence function for Mubadala / Injazat Data Systems, which is based out of Abu Dhabi, UAE. In his webinar, he covers different aspects of intelligence-driven penetration testing. Watch the video now!

For the sake of convenience and to provide you with in-depth knowledge on the subject, we have created series of this particular cybertalk. You can visit these links to access other two parts of the webinar @

get certified from ec-council
Write for Us