FAQ

Frequently Asked Questions

Lorem Ipsum Is Simply Dummy Text Of

Use Cases for Automated Penetration Testing?

Because vPenTest's automated network penetration testing is available year-round at no additional cost, it can support a wide range of use cases to enhance security posture and mitigate risk effectively, including:

• External Network Penetration Testing
• Internal Network Breach Simulation Testing
• Network Segmentation Assessments
• Inter-VLAN Rule Validation
• Threat Modeling
• Attack Vector Assessment
• Device Pre-Deployment
• Configuration Testing
• "What If" Scenario Testing
• IoT Device Testing
• Zero Trust Validation
• Incident Response Readiness Testing
• Privilege Escalation Testing
• Endpoint Security Validation

What Tools Are Used by Automated Network Penetration Testing?

The backend tools powering vPenTest include industry-standard tools and utilities widely trusted and utilized across the cybersecurity field.

They have been rigorously vetted through years of use in professional engagements, offering robust capabilities for reconnaissance, vulnerability scanning, exploitation, and post-exploitation tasks. Their versatility and reliability make them indispensable in identifying and addressing security vulnerabilities within networks and systems.

By automating their use, vPenTest delivers the same robust capabilities as traditional manual network penetration testing services.

• Nessus
• Gobuster
• Curl
• Hashcat
• Metasploit
• Empire
• Mimikatz
• vImpacket
• Bloodhound
• Leprechaun
• Nmap
• Masscan
• SSLScan
• pyFOCA
• URLCrazy
• Dnsmap
• Arping
• Whois
• Shodan
• Sublist3
• Tcpdump
• Mitm6
• Responder
• Arpspoof
• PowerSploit

Why Automate Network Penetration Testing?

Information Technology exists to automate processes, improving reliability and efficiency.

Consider how automation has transformed other fields:

• Word processors replaced typewriters.
• Accounting systems replaced calculators.
• Anti-malware software automatically protects.
• Automated security alerts notify IT teams in real time.
• Autonomous patch management with RMM.
• Robotics in manufacturing.

Wherever human variability is involved, the risk of errors, fatigue, and skill gaps persists. Automation minimizes these risks, offering consistency and precision that human effort alone cannot match.

Penetration Testing vs. Vulnerability Assessment.

A network penetration test is the manual testing procedures executed by a security consultant to identify and exploit security flaws within the environment. The goal of a penetration test is to demonstrate the impact of successfully exploiting any of the vulnerabilities or weak configurations that may be discovered. This activity can also be referred to as Ethical Hacking.

A vulnerability assessment is usually performed to discover vulnerabilities that have been publicly documented and, thus, already known. In many cases, if a specific signature has not been created to detect a vulnerability, it may not be detected during this vulnerability assessment. Most commonly, vulnerability scanns compare a public CVE listing to the software installed on the devices.

What is vPenTest Methodology for Penetration Testing?

vPenTest automated network penetration testing methodology follows the exact same processes as consultants would if they were to perform a penetration test manually.

Does vPenTest Perform Exploits?

vPenTest performs several exploit attempts depending on the vulnerabilities present within the network. The exploits that are performed during testing are known to be safe and typically provide access to systems and/or resources. After successful exploitation, vPenTest also performs post-exploitation attacks, which includes privilege escalation and lateral movement within the network environment.

It should be noted that these exploits have been tested for several years, and dozens of times if they are new, to ensure minimal impact.

How Does vPenTest Stay Ahead of Emerging Threats?

At VONAHI, the vPenTest development team is composed of seasoned security researchers and consultants actively engaged in red and blue team operations. This dual expertise ensures continuous research and refinement of attack techniques to align with the latest cyber threats.

The vPenTest research teams are deeply embedded in the global information security community, contributing to the industry by developing innovative tools and scripts widely utilized by cybersecurity professionals across organizations.

As new attacks and tools emerge, the vPenTest team rigorously tests and verifies methods in lab environments tailored to simulate real-world scenarios. They also collaborate with industry experts to maintain cutting-edge capabilities, ensuring our methods remain effective against the constantly evolving threat landscape.

See the following references for some of our industry contributions:
Vonahi Security’s Research & Development Site (vonahi.io)
Alton Johnson’s GitHub
Erik Wynter’s GitHub
Vonahi Security’s GitHub

Does vPenTest Leverage the MITRE ATT&CK Framework?

Over the course of the development of the platform, vPenTest has constantly added new ways to provide more value to customers. In the beginning of January of 2021, vPenTest started implementing references to the MITRE ATT&CK Framework, which can now be used by customers to investigate the attacks and mitigation techniques. It should be noted that the platform is not based on the MITRE ATT&CK Framework, and that the framework was just simply implemented as a way to provide more value.

We Use Expensive Pen Test Vendors, Why Introduce Change?

Many large organizations, including Fortune 500 companies, invest heavily in well-known and high-cost penetration testing services. Data reveals that breaches and cyberattacks persist at concerning rates. Adapting to the ever-changing landscape of cyber threats may require a fresh approach—one that goes beyond traditional strategies to proactively address emerging vulnerabilities.

We Have a Large IT Department, Why Add vPenTest Service?

Despite substantial investments in IT resources, data shows that network breaches are escalating across organizations of all sizes, including those with extensive and well-funded IT departments.

Even Fortune 500 companies such as Halliburton, United HealthCare, AT&T, and others have experienced successful cyberattacks

Incorporating regular penetration testing ensures that your security measures are not just implemented but are actively validated for effectiveness against evolving threats. This proactive approach can significantly enhance your organization's overall cybersecurity posture.