MBS Techservices Inc is seeking independent contractors with 3-5 years of cybersecurity experience and demonstrated ability to do a range of PEN testing, both internal and external. While most work can be done remotely, there may be some need for onsite work.

Successful candidates will have background in PEN testing, Red or Blue Hat exercises, or extensive experiences with network and systems security. Candidates will be required to provide a clear 7 year Criminal Records check prior to starting an engagement.

Positions will require good writing skills and ability to transform testing results into a cohesive summary and recommendations.

Detailed requirements are listed below.

Requirements Successful candidates will have demonstrated knowledge and experience with the following description of PEN testing services required. Internal Network

Consultant shall perform an internal network penetration test of Customer’s internal systems and networks. The consultant will employ a variety of tools and techniques to identify, enumerate and compromise internal hosts and services, with the goal of gaining full control over the Customer’s Active Directory domains, internal network environment and high-value systems.

The testing performed shall include, but not be limited to, the following:

• Perform Domain Name Server (DNS) enumeration and Active Directory mining to discover high-value systems
• Capture and crack credentials transferred over the network
• Discover and exploit remote vulnerabilities to gain footholds on multiple systems
• Escalate privileges on compromised systems, retrieve additional credentials and move laterally within the Customer’s infrastructure and Windows Domain(s)
• Employ stealth techniques to evade host and network-based detective and preventing defences
• Attempt to obtain Domain Administration level access to Customer’s Domain environments
• Extract and crack all password hashes for Customer’s Domain environments
• Obtain access to defined and discovered high-value target systems
• Achieve action on additional objectives (flags) set by the Customer, as mutually agreed by the Parties during the Project planning and kick-off process

External Network

Consultant shall perform an external network penetration test of Customer’s Internet-facing systems and networks. The consultant will employ a variety of tools and techniques to identify, enumerate and compromise external hosts and services, to gain access to systems on the Customer’s Demilitarized Zone (DMZ) and internal network.

The testing performed will include, but not be limited to, the following:

• Leverage services such as Shodan, Robtex, etc. to perform recon on external hosts
• Perform DNS enumeration to discover external hostnames
• Stealth discovery and port scanning to enumerate live hosts and exposed services
• Leverage employee names gather during Open-Source Intelligence (OSINT) for password spraying against AD-connected services
• Virtual Private Network (VPN) Logins
• Citrix Logins
• Outlook Web Access
• Corporate Extranet Applications
• Leverage knowledge of Network Engineers/Administrations, Systems Administrations, etc., gathered during OSINT for password attacks against admin interfaces:
• Telnet Logins
• Secure Shelf (SSH) Logins
• Virtual Network Computing (VNC) Logins
• Remote Desktop
• Blackbox web application testing to compromise the system or exfiltrate data from the database
• Authentication bypass
• Password attacks
• Directory traversal
• Parameter manipulation
• File upload/download vulnerabilities
• Leverage other vulnerabilities as discovered to achieve system compromise
• Pivot from the compromised host(s) to attack other DMZ hosts and access the internal network
• Achieve action on objectives (flags) set by the Customer as mutually agreed by the Parties during the Project planning and kick-off process

Benefits These positions are contract in nature, with no benefits or payroll deductions. Candidates must have a company and bill MBS directly for work done.