The goal of a penetration test is to demonstrate whether and/or how vulnerabilities in systems or network services can be exploited to spread through the network and eventually gain access to target systems or data. Testing will include vulnerability exploitation, username and password discovery, lateral movement between connected and trusted systems both inside and outside the target environment and demonstrating evasion and pivoting from compromised hosts. The goal is to illustrate the concept that "a chain is only strong as its weakest link" and to expose security vulnerabilities that are not demonstrated in vulnerability assessments.
Testing for an external network is used to test the effectiveness of security controls at the network perimeter to prevent and detect attacks and identify vulnerabilities in Internet-facing resources such as web, mail, and FTP servers.
An internal infrastructure test is performed to estimate what an attacker might accomplish with initial access to a network. This type of testing can reflect insider threats, such as employees performing malicious actions intentionally or unintentionally.
Wireless networks are essential for accessing systems and data, but they can also be a gateway for cybercriminals. Testing wireless protocols and technologies, including Bluetooth, ZigBee, and Z-Wave, to identify and remediate vulnerabilities that could lead to unauthorized network access and data leakage is a must.
Scoping - define the network and assets involved and develop an appropriate assessment strategy.
Reconnaissance and intelligence gathering - using the latest intelligence gathering techniques to uncover security and technical information that could help consultants gain access/pivot to your network.
Active testing and vulnerability analysis - using a combination of automated tools and manual testing, our consultants seek to identify security vulnerabilities and develop a strategy to exploit them.
Exploitation - to gain initial access or move laterally in your organization, our consultants exploit identified vulnerabilities in a secure manner that avoids damage and disruption.
Reporting - once testing is complete, our consultants will document all findings and provide you prioritized guidance on how to address the identified vulnerabilities.
Frequently asked questions about infrastructure testing