Resource

Australia Wide Internal & Wireless Network Penetration Testing

We are wherever you are. Project Black maintains capabilities to perform internal and wireless network testing anywhere in Australia.

Eddie Zhang

2 min read
Australia Wide Internal & Wireless Network Penetration Testing
SSH Tunnelling high level architecture diagram.

Traditionally, an internal network or wireless network penetration test meant one of two things: shipping consultants around the country (scheduling nightmare) or setting up test devices that require a manual VPN setup just to give the tester a foothold.

To solve this, Project Black maintains remote testing PCs and infrastructure designed to make these engagements almost zero-touch for customers.

Whether you're in the CBD or a regional site in the Pilbara - so long as Auspost delivers, our goal is to get your security testing started in minutes, not days.

In most deployments, you unbox the device, plug in the ethernet and power and you're ready to go.

Wireless USB adaptor not pictured.

The Technical Details

Upon boot, our test devices perform an outbound only connection over TCP port 443 to setup a SSH tunnel with our bastion host. No opening up of ports on your network perimeter required.

💡
SSH is typically used for controlling servers or transferring files but it can also be used to create secure encrypted tunnels.

Once the connection is established, our consultants can then remotely control the test device by hopping through our bastion host.

Additionally:

  • The devices are wiped and reimaged via PXE boot to ensure contamination between customers is impossible.
    • The host OS runs Kali Linux.
  • They are also configured with file system level encryption using fscrypt for working directories.

Alternative VM Option

If a physical device isn't practical, we also offer the option to bootstrap a VM you create with a single command.

The Exceptions

L7 Filtering

Layer 7 application filtering may identify and drop these connections if configured to enforce strict protocol-to-port alignment. This kind of filtering will deny non-HTTPS traffic on Port 443.

In these cases a firewall exception will be required to permit this outbound traffic.

No Onsite Internet

If the test site doesn't have an internet connection, our testing devices can also be provided with LTE modem if your security policies permit this.

But of course, if a physical consultant premise is required, traditional on-site visits are still available for projects.