Guidelines for white box penetration testing wired devices in secure network environments

This is a Master's thesis from Högskolan i Skövde/Institutionen för informationsteknologi

Abstract: As technology is becoming a prevalent and ubiquitous part of society, increasing levels of cybercrime have drawn attention to the need for suitable frameworks for ensuring the security of systems by conducting penetration tests. There are several large and established frameworks for doing so, and they tend to focus on complicated large systems with multiple endpoints, devices, and network layers. The majority of new penetration testing research is also directed toward this scenario, by building automated tools that rely on new research in artificial intelligence.

While it is admirable to see research adapt to address the tendency toward complexity in networks and systems, it has created a research gap in the other direction. There is no specialized type of framework to accurately and efficiently test an important type of scenario where there is a wired network device in a secure environment that is subject to the risk of insider threat. The large established frameworks mostly advocate for testing using a black-box approach and automated tools. This approach is unsuitable for the scenario since it is likely to produce a level of false positives that is too high, and black-box testing also contains steps that are slow and unnecessary.

This master thesis project has created a set of specialized penetration testing guidelines that are tailored to handle the scenario. By instead adopting a customized white-box approach and using mostly manual tools, the guidelines are built for accuracy, efficiency, and addressing the dangerous risk of insider threats. They were developed based on a systematic literature review of the scientific field. Further, they were produced using Design Science Research methodology, and evaluated by an expert panel of three professional penetration testers. They were also tested in a real-life scenario at a government agency focused on national security.

The tests were able to find three vulnerabilities of the target device, where two of them would have been missed by a black-box approach. Compared to the established frameworks, the developed guidelines are estimated to be at least 20 percent faster.
