Penetration Testing

Let us launch a controlled cyber-attack on your network, applications, processes or environments. Security is a very important component to any organization that is connected to the Internet. Please feel free to send us an email to begin a conversation about what types of tests your organization would want to employ.

Tools used (not limited to): BurpSuite Professional, OpenVAS, Spiderfoot, Metasploit Framework, ZAP, AMASS, NMAP, Maltego, Mimikatz, various OSINT methods. 

We adhere to the NIST Cybersecurity Framework, and ISO/IEC 27002.

If you would like to fill out a scope document click here to download.

• Black Box Penetration Testing (click for more details): In this approach, the tester assesses the target system, network or process without the knowledge of its details. They just have a very high level of inputs like URL or company name using which they penetrate the target environment. 

• White Box Penetration Testing (click for more details): In this approach, the tester is equipped with complete details about the target environment – Systems, network, OS, IP address, source code, schema, etc. It examines the code and finds out design & development errors. It is a simulation of an internal security attack.

 • Grey Box Penetration Testing (click for more details): In this approach, the tester has limited details about the target environment. It is a simulation of an insider threat or application testing.

Web applications (click for more details). How secure are your web applications and web presence? Let us validate this for you with a Web Application Penetration Test, either with black box or gray box methodologies. Web applications are the most frequently attacked items on the Internet and are often the most insecure.

We can implement social engineering (click for more details) in the context of information security, by using psychological manipulation on your organization by performing certain actions or divulging confidential information.     

Remote Tests are used to trick an employee into compromising confidential data using electronic means. The tester could conduct such an attack via a phishing email campaign.    

Physical Tests require direct contact with the employee to retrieve sensitive information. It may also involve tactics like Dumpster Diving, Imitation, Intimidation or trying to convince the subject via telephone calls. 

Wireless penetration testing (click for more details) encompasses penetration testing against your wireless network and vulnerability assessments against access points if we are able to gain access to your wireless network.

We document every step of the testing. The documentation will contain an introduction, scope, executive summary, test methodology, vulnerability description, recommendations, and conclusions, listing of tests completed, findings, methodology, mitigation suggestions and threat rankings.

Red teaming is different from a typical penetration testing action.

A red team action is a threat-led penetration test where also the detection and response capabilities of the company (SOC or blue team) are tested during the campaign. Usually, this test is run secretly, and specific attack scenarios are often agreed upon upfront. Red teaming, in contrast to penetration testing, is focused on target objectives. Rather than putting a priority on finding as many vulnerabilities as possible, a red team attempts to test how a company's security team responds to various threats.