As ethical hackers, we emulate an attacker by utilizing similar techniques to perform reconnaissance, identify vulnerabilities, and break into your systems. Unlike an attacker, however, we stop our test before exposing sensitive data or doing harm to your environment. With a Black Box Penetration Test we have unauthenticated access and have little prior knowledge, except the IP Address, domain name, or URL, about the systems in scope.
A Black Box Penetration Test is commonly used as an external penetration test against an organization’s Internet-facing systems, such as the following: