Advanced Black Box Penetration Testing (BBPen)

Illumant uses custom variants of technical and social engineering exploits to simulate a real world cyber-attack against your organization to test the effectiveness of existing measures to protect you against real cyber-attacks. The test, a "capture the flag" exercise, will attempt obtain predetermined targets from within the client's network without prior authorization (target is to be determined during the project but might include files, management interfaces, etc.)


  • Full penetration testing
  • Black box approach
    • Blind target enumeration
  • Technical techniques
  • Social engineering techniques
  • Attack propagation
    • Pivoting
    • Privilege escalation
  • Capture the flag
    • Target to be determined at the start
  • Exfiltration


  • Perimeter devices, services and applications
  • Employees and contractors
  • Wireless networks
  • Facilities
  • Access to internal systems
  • Remote access to networks
  • Access to internal files systems, applications, DBs
  • Capture-the-flag target
  • Success-based milestones

Penetration testing black box capture-the-flag blind social engineering technical pen testing

Flag target firewalls routers servers sites applications employees unauthorized access privilege escalation internal networks


Our attack plan involves 3 parts and attempts to simulate the conditions of a truly external attacker (e.g. no internal knowledge of the target organization, with exception of the name and whatever is publicly available).

  1. Blind target enumeration: Using the Internet and social networking sites Illumant will attempt to enumerate human and technical targets for the attack for the technical and social engineering exploits. (Illumant will review the target list with your organization before launching any attack to ensure no potentially sensitive individuals or systems are targeted.)
  2. Penetration: There are 3 broadly defined vectors for this phase – technical exploits, social engineering, and physical intrusion. Clients may select all or some of these vectors for the BBPen. During the test those that are selected amy be combined in order to increase the effectiveness of the simulated attack:
    1. Technical exploits: Illumant will attempt to identify and exploit vulnerabilities in networks, systems and applications to gain unauthorized access. The client may wish to include wireless infrastructure in the scope of the pen test.
    2. Social engineering: Using techniques such as pretext calling, phishing, planted media and social networking, Illumant will attempt to coax sensitive information or facilitating actions from employees. In some cases the social engineering may include depositing of pseudo-malware to provide Illumant with remote connectivity to internal networks. (This is pseudo malware because it is temporary in nature and will not cause any permanent damage or infection of systems.)
    3. Physical intrusion: Illumant will attempt to gain unauthorized access to the organization’s facilities through any number of approaches including identifying open doors, tailgating, or other methods. Illumant will try to escalate this physical access to network access and more.
  3. Exfiltration: Illumant will use the malware to retrieve information, such as affected computer names and directory listings, as well as to attempt to locate a target file on the organization’s network, retrieve it, and send it back. The target for this exercise will be determined at the start of the engagement