Controlled Hacking by trained and experienced professionals.
Penetration testing gives you and management assurance that your environment is reasonably safe from compromise and data exfiltration
Our testing measures the effectiveness of your perimeter safeguards and controls in the real world, but within a scope specific setting. Our team will attack and attempt to compromise your perimeter devices with the goal of pivoting and diving deeper into the network.
This service is different from the vulnerability scans in that we attempt to fully exploit any weaknesses discovered. This is done completely under your supervision.
For Your Free Threat Assessment
Reconnaissance: Our methodology starts by convertly obtaining as much information as we can about the target. We will conduct specialized searches on the internet for data on the target. This data can be obtained from social media, online forums, and reporting websites. We will leverage what we find in the later stages. During this phase, we will also do an inventory of the your devices we can see from the wild. This is the first step in the Cyber Attack Chain.
Port/Service Scanning: The internet works by computers talking to each other via services. If an attacker can find viable services to attack they may able to compromise the computer and/or traffic (data). Our service scans look for the same services attackers look for and we attempt to compromise those through a varity of ways.
Vulnerability Scanning: These work in much the same way as a service scan except we are looking for vulnerabilities that can be exploited through websites and available devices we found during our reconnaissance phase. Since 80% of all compromises occur via web applications, we throughly test them. If we find viable vulnerabilites, we will leverage those during the next phase.
Exploitation: This, as we say in Texas, is where the rubber meets the road. We take all the information we have gathered during, reconnaissance, service and vulnerability scans, and we leverage that for the attack. Our attacks are done in a manner of your choosing. We can script them so you will be able to watch every step of the way, or they can be done in the blind to see if your internal security is functioning as intended.
Reporting: When testing concludes we will draft a report in which we detail our findings. You will have an opportunity to view the report and we will work with you to ensure it is crafted in the manner that best fits your organization. After that we will finalize the report and conduct an exit meeting.