A vulnerability scanner is an automated tool capable of actively detecting vulnerabilities in a target infrastructure, simulating the role of an attacker. This kind of activity is usually called penetration testing or pen testing, i.e. “an authorized simulated cyber-attack on a computer system, performed to evaluate the security of the system” [1]. The idea is that you must think like a hacker if you want to catch a hacker. Penetration testing is also classified as a type of ethical hacking or white-hat hacking. The key to ethical hacking is the use of hacking tools, the same tools that real hackers use, to test the system. But it is not only about the tools: penetration testing also follows some common methodologies associated with the modus operandi of hackers.
Usually, there are 5 phases in an attack [2]:
● Phase 1 Reconnaissance: Gathering information, not only about networks and servers but also about people, for a social engineering attack.
● Phase 2 Scanning: Use of technical tools to learn about the system, searching for known vulnerabilities.
● Phase 3 Gaining access: The hacker uses the knowledge from the previous phases and suitable tools to exploit some vulnerable machines in the system. Sometimes it is an iterative process, using one machine in the system to attack others in order to reach a target objective, such as credit card information.
● Phase 4 Maintaining access: Making some changes in the attacked system to avoid being expelled, at least for the time required to exploit the attack.
● Phase 5 Covering tracks: The hacker finishes by deleting evidence of the attack and, especially, avoiding being tracked and identified.
In hacking there are several possible means of penetration, and these are the ones checked in pen testing [3]: network, web applications, wireless, social engineering and physical attack. The most common means of attack for a remote hacker are the first and second types, and the Atos Vulnerability Assessment and PenTesting Service (VAnPS) focuses on these.
Other interesting concepts that need to be considered are the white-box and black-box approaches. In the black-box approach, the ethical hacker holds no previous knowledge about the system and thus the pen test team must carry out a strong reconnaissance phase. The alternative approach (white-box) assumes that the malicious hacker has somehow obtained knowledge of the system, so the pen test team is informed about the internals of the system too. The Atos VAnPS tool uses both a black-box and a white-box approach: the tool is provided with all the information available, by installing inventory applications on target machines or by providing the web application structure needed by other tools, but this information is then double-checked and complemented using “black-box” techniques.
The Atos VAnPS tool integrated in FINSEC orchestrates several external, commonly used tools to support the typical pen-testing methodology with little or no human help. Along with the inventory tools (white-box and black-box reconnaissance tools) and different types of vulnerability scanners (network and web application), the VAnPS is composed of an internal knowledge base and several orchestration, analytic and information processing modules. The result is thus a consolidated and normalized report about the vulnerabilities and suspect findings discovered in the monitored infrastructure.
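The consolidation step described above (several scanners, one normalized report) can be illustrated with a small merger, added here as an example and not taken from VAnPS or FINSEC. The two scanner record shapes, the hostname and the CVE identifiers are constructed placeholders; the only real convention used is the CVSS v3 severity banding.

```python
from urllib.parse import urlsplit

# Constructed sample records from a hypothetical network scanner (host/port based).
# CVE ids are placeholders, not real identifiers.
NETWORK_FINDINGS = [
    {"host": "10.0.0.5", "port": 22, "cve": "CVE-0000-0001",
     "cvss": 7.5, "title": "Outdated SSH server"},
    {"host": "10.0.0.5", "port": 443, "cve": "CVE-0000-0002",
     "cvss": 5.3, "title": "Weak TLS cipher suites"},
]

# Constructed sample records from a hypothetical web-application scanner (URL based,
# text severities instead of CVSS scores).
WEB_FINDINGS = [
    {"url": "https://10.0.0.5/login", "severity": "Medium",
     "name": "Weak TLS cipher suites", "cve": "CVE-0000-0002"},
    {"url": "https://10.0.0.5/search", "severity": "High",
     "name": "Reflected cross-site scripting", "cve": None},
]

# Text severities are mapped to the upper bound of the matching CVSS v3 band,
# so both scanners end up on one numeric scale (conservative choice).
TEXT_TO_SCORE = {"info": 0.0, "low": 3.9, "medium": 6.9, "high": 8.9, "critical": 10.0}

def normalize_network(rec):
    return {"host": rec["host"], "port": rec["port"], "title": rec["title"],
            "cve": rec["cve"], "score": float(rec["cvss"]), "source": "network"}

def normalize_web(rec):
    parts = urlsplit(rec["url"])
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"host": parts.hostname, "port": port, "title": rec["name"],
            "cve": rec["cve"], "score": TEXT_TO_SCORE[rec["severity"].lower()],
            "source": "web"}

def consolidate(network, web):
    """Merge findings into one list. The same issue reported by both tools
    (same host, port and CVE, or title when no CVE exists) becomes a single
    entry carrying the higher score and the set of tools that saw it."""
    merged = {}
    for f in [normalize_network(r) for r in network] + [normalize_web(r) for r in web]:
        key = (f["host"], f["port"], f["cve"] or f["title"].lower())
        if key in merged:
            merged[key]["score"] = max(merged[key]["score"], f["score"])
            merged[key]["sources"].add(f["source"])
        else:
            src = f.pop("source")
            merged[key] = {**f, "sources": {src}}
    return sorted(merged.values(), key=lambda f: -f["score"])  # highest risk first
```

Corroboration by more than one tool is kept in `sources`, which is the kind of signal a reviewer uses to separate confirmed vulnerabilities from suspect findings.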
[1] “Penetration test”. Retrieved from https://en.wikipedia.org/wiki/Penetration_test
[2] “Summarizing the five phases of penetration testing”. Retrieved from https://www.cybrary.it/2015/05/summarizing-the-five-phases-of-penetration-testing/
[3] “What is pen testing”. Retrieved from https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html