Now that you have a basic understanding of the seven PTES categories, let’s examine the two main types of penetration tests: overt and covert. An overt pen test, or “white hat” test, occurs with the organization’s full knowledge; covert tests are designed to simulate the actions of an unknown and unannounced attacker. Both tests offer advantages and disadvantages.
Using overt penetration testing, you work with the organization to identify potential security threats, and the organization’s IT or security team shows you the organization’s systems. The one main benefit of an overt test is that you have access to insider knowledge and can launch attacks without fear of being blocked. A potential downside to overt testing is that overt tests might not effectively test the client’s incident response program or identify how well the security program detects certain attacks. When time is limited and certain PTES steps such as intelligence gathering are out of scope, an overt test may be your best option.
Unlike overt testing, sanctioned covert penetration testing is designed to simulate the actions of an attacker and is performed without the knowledge of most of the organization. Covert tests are performed to test the internal security team’s ability to detect and respond to an attack.
Covert tests can be costly and time consuming, and they require more skill than overt tests. In the eyes of penetration testers in the security industry, the covert scenario is often preferred because it most closely simulates a true attack. Covert attacks rely on your ability to gain information by reconnaissance. Therefore, as a covert tester, you will typically not attempt to find a large number of vulnerabilities in a target but will simply attempt to find the easiest way to gain access to a system, undetected.