• Strategic Penetration Testing

    An offensive security approach that simulates the attacks a malicious hacker would use.

  • Penetration Testing Services

    A penetration test is carried out under an agreement between a tester and a customer (the attack target), in which the tester employs the same skills, methods, tactics and techniques as an actual outside hacker. The tester performs a controlled and safe simulated 'hacker' attack on the organization's network, looking for security weaknesses and vulnerabilities and attempting to gain access to system features and data through exploits.

    Think like a hacker

    The goal of the penetration test is to take an offensive security approach and simulate attacks similar to those a malicious hacker would use. The pen test identifies whether your servers, applications and systems can resist hostile attacks, assesses the potential impact to the organization, and suggests countermeasures and mitigation strategies to reduce the risk of exposure.

    We build penetration testing strategies that align with organizational security goals, and we follow an industry best-practice methodology through each assessment phase, which is highly effective at identifying vulnerabilities, weaknesses and system misconfigurations.

  • Our Approach and Methodologies

    We use a phased methodology and approach for penetration testing:

    1. Information Gathering and Reconnaissance: determine the scope of the risk assessment.
    2. Identify Risks: assess and identify cybersecurity risks.
    3. Risk Analysis: analyze risks and determine potential impact.
    4. Risk Scoring and Prioritization: determine and prioritize risks.
    5. Reporting and Findings Review: document all risks; compile executive and detailed findings reports, then formally review and present them.

  • Penetration Testing Phases

    Reconnaissance uses external sources on the web to gather information about the network, website and organization, such as technologies used, patch levels, system uptimes, public records, internet registrations, website source code, domains, DNS servers, mail servers, user accounts, directory traversal, MAC addresses and IP addresses. The intent is to identify externally available information about the target that may need to be removed or remediated. External scanning (from outside the network) is then performed to identify vulnerabilities on the network perimeter: host discovery, open ports, network device banners, and devices using weak or default passwords, followed by web server attacks such as SQL injection and Cross Site Scripting (XSS).

    Enumeration consists of actively looking for users, groups, shares, network resources, computer names, running services and applications. Attempts will be made to retrieve password hashes, and cracking attempts will be made to identify weak passwords for systems in scope. Privilege escalation will be attempted for user accounts that have been compromised. SNMP testing will attempt to identify weak SNMP settings and configurations.

  • Our Areas of Penetration Testing Expertise

    Our Certified Penetration Testers have extensive experience in all areas of testing.


    Web Application & API Testing

    We test applications using OWASP best practices.

    Vulnerability testing and exploitation will consist of the following types of web application attacks:

    • Buffer overflows and command execution;
    • SQL Injection;
    • Cross Site Scripting (XSS);
    • Directory Traversal;
    • Parameter (URL) tampering;
    • URL obfuscation;
    • Cross Site Request Forgery;
    • Input and Data Validation;
    • Authentication and Authorization;
    • Encryption and Key Management; and
    • Error handling, auditing, and logging application management.

    Cloud Penetration Testing

    Ensure Cloud Infrastructures are Secure.

    Initial testing phases follow traditional network testing methodologies, then expand into cloud- and container-specific testing: assessing risky permissions and roles, dumping tokens, attempting role bindings, accessing secrets, and attempting access to pods and containers. The Tasks section below outlines the specific checks and tests for cloud and container environments. In this activity the penetration tester performs various tests and checks to assess the security configuration of the cloud infrastructure and container systems, performs enumeration, identifies vulnerabilities and attempts exploitation of misconfigurations. The tester writes scripts/payloads and uses tools to test the relevant security settings and weaknesses.

    Tasks:

    • Cloud cluster testing for risky permissions
    • Identify risky Roles/ClusterRoles
    • Identify risky RoleBindings/ClusterRoleBindings
    • Identify risky Subjects (Users, Groups and ServiceAccounts)
    • Identify risky Pods/Containers
    • Dump tokens from pods (all or by namespace)
    • Get the RoleBindings/ClusterRoleBindings associated with a Role, ClusterRole or Subject (user, group or service account)
    • List Subjects of a specific kind ('User', 'Group' or 'ServiceAccount')
    • List the rules of a RoleBinding or ClusterRoleBinding
    • Show Pods that have access to secret data through a volume or environment variables
    • Get bootstrap tokens for the cluster
    • Cloud RBAC audit for risky roles
    • Listing secrets (utilizing the list-secrets permission)
    • Creating a pod with a privileged service account (attempt to gain permission to create a pod in the “cloud-system” namespace)
    • Attempt to impersonate privileged accounts
    • Reading a secret by brute-forcing token IDs (attempt to find tokens with permission to read secrets)
    • Creating privileged RoleBindings (attempt a binding that allows a user to create a RoleBinding with the admin ClusterRole)
    • Seek out exposed services
    • Check for Cloud (read-only port) information exposure
    • Check for anonymous access
    • Check for anonymous access to the API server
    • Search for a privileged service account token
    • Check service account API authorization
    • Kernel exploit vulnerabilities
    • Check containers’ security configuration
    • Check for sensitive files inside the container
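
    Several of the task-list checks above (risky RoleBindings/ClusterRoleBindings, anonymous or overly broad subjects, and pods that can read Secret data through a volume or an environment variable) are RBAC and pod-spec audits that a defender can run over kubectl JSON output. The Python script below is an added example written for this page, not the firm's own tooling: the Kubernetes documents it parses are a constructed sample embedded inline, and the RISKY_ROLES / RISKY_SUBJECTS sets are assumptions to be tuned per cluster.

```python
import json

# Constructed sample shaped like `kubectl get pods -A -o json` and `kubectl get clusterrolebindings -o json`, trimmed to the fields read below. Not data from any real cluster.
SAMPLE_JSON = """{
 "pods": [
  {"metadata": {"name": "web", "namespace": "shop"},
   "spec": {"volumes": [{"name": "tls", "secret": {"secretName": "web-tls"}}],
            "containers": [{"name": "app", "env": [{"name": "DB_PASS", "valueFrom": {"secretKeyRef": {"name": "db-creds", "key": "pw"}}}]}]}},
  {"metadata": {"name": "worker", "namespace": "shop"},
   "spec": {"volumes": [{"name": "tmp", "emptyDir": {}}],
            "containers": [{"name": "w", "env": [{"name": "MODE", "value": "batch"}]}]}}],
 "bindings": [
  {"metadata": {"name": "ci-admin"}, "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
  {"metadata": {"name": "viewers"}, "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"metadata": {"name": "anon-edit"}, "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "User", "name": "system:anonymous"}]}]
}"""

RISKY_ROLES = {"cluster-admin", "admin", "edit"}  # assumed: built-in ClusterRoles that grant write/escalation rights
RISKY_SUBJECTS = {"system:anonymous", "system:unauthenticated", "system:authenticated"}  # assumed: "anyone" subjects

def pods_with_secret_access(pods):
    """Return (namespace, pod, source) for each path by which a pod can read Secret data."""
    hits = []
    for pod in pods:
        ns, name, spec = pod["metadata"]["namespace"], pod["metadata"]["name"], pod["spec"]
        for vol in spec.get("volumes", []):  # Secret mounted as a volume
            if "secret" in vol:
                hits.append((ns, name, "volume:" + vol["secret"]["secretName"]))
        for c in spec.get("containers", []):  # Secret injected into an environment variable
            for env in c.get("env", []):
                ref = env.get("valueFrom", {}).get("secretKeyRef")
                if ref:
                    hits.append((ns, name, "env:" + ref["name"]))
    return hits

def risky_cluster_role_bindings(bindings):
    """Flag bindings that grant a risky ClusterRole to anyone, or any ClusterRole to an anonymous/broad subject."""
    findings = []
    for b in bindings:
        role = b["roleRef"]["name"]
        for s in b.get("subjects", []):
            if role in RISKY_ROLES or s["name"] in RISKY_SUBJECTS:
                findings.append((b["metadata"]["name"], role, s["kind"], s["name"]))
    return findings

def audit(raw_json=SAMPLE_JSON):
    """Parse the kubectl-style document and run both checks; returns (secret_access, risky_bindings)."""
    data = json.loads(raw_json)
    return pods_with_secret_access(data["pods"]), risky_cluster_role_bindings(data["bindings"])
```

Against a live cluster, feed `audit()` the real `kubectl ... -o json` output merged into the same two keys; each finding maps back to a task-list item for the report.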

    Network Testing

    Prevent access to networks and escalation of privileges.

    A complete review of network architecture, design and segment isolation to identify risk exposure, recommend security enhancements and provide a strategic roadmap for remediation activities.

    Network device (routers/switches/firewalls) configurations will be reviewed using offline configuration scanning against best-practice policies (device configurations are uploaded to the scanning tools).

    Tests for access to the network through open ports, ARP poisoning, MAC spoofing and capture of hashes for network accounts.

    Configuration management software will be used to review server configurations against security best-practice policies.

    Scans and firewall/router ACL (ruleset) reviews to ensure segmentation of the corporate networks.

    Review of VPN configurations and testing to ensure strong encryption.


    Wireless Testing

    Ensure adversaries cannot gain access to your Wi-Fi networks and sensitive data.

    Wireless systems will be tested for security configuration flaws, weak passwords and weak encryption. These tests are performed using a specialized wireless sniffing tool that captures traffic from the access points.

    Cracking attempts will be made against traffic captures containing WPA handshakes and SSID keys, using dictionary and brute-force attacks (no impact to routers). Any access points successfully cracked will be exploited by logging in with the SSID credentials to gain access to the network, followed by router login attempts and network sniffing.

    Testing for WPA2 Enterprise is done using fake RADIUS servers and certificates.

    The penetration tester will walk the perimeter and use a long-range Wi-Fi adapter from a distance to detect rogue access points and to test the encryption and security of wireless access points.


    Social Engineering Tests

    Make sure intruders can't access unauthorized areas and can't trick employees into giving up information.

    The social engineering phase of the penetration test will use safe techniques: simulated phishing emails (non-malicious) that track user clicks/downloads or spoofed form completions (e.g. surveys or fake Facebook logins), and USB drives containing simulation software (non-malicious) dropped in parking lots and random on-site locations to detect whether users plug them into computers. Additionally, testing will include user impersonation (via telephone calls or instant messaging) to see if employees can be tricked into escalating account privileges or providing confidential information to a possible attacker (e.g. 'reverse social engineering', pretending to be help desk support requesting login credentials to fix an issue on their corporate machines). Tailgating attempts will be made at building entrances and sensitive areas, and lastly attempts to gain entry to buildings and sensitive areas using flattery and social tricks.

    The purpose of our social engineering exercises is to provide focus areas for policies and security awareness priorities for employee training. All social engineering exercises will be closely coordinated with the Single Point of Contact prior to execution, and will not involve threatening behavior.

  • Penetration Testers

    Testers with in-depth experience


    Experienced Certified Penetration Testers

    OSCP, CEH, CISSP, CISA, CISM, AZ-500, CCSP Certifications

    Our Penetration Testers are professional and have extensive experience in all areas of testing and are fully certified.