A penetration test is a detailed review of an organization’s overall defense effectiveness by simulating a hacker targeting an organization’s network and data assets. This test typically involves performing information reconnaissance about a target organization, network mapping and system fingerprinting and enumeration, identifying vulnerabilities, exploitation, gaining and maintaining privileged access, evidence gathering, cleaning up, and reporting. The penetration test can be conducted externally from the Internet acting as an outsider and/or internally from inside the corporate LAN acting as a malicious insider.
Our services include:
- Network Penetration Testing – Involves hacking an organization’s network using network-based attack vectors. Client-side attack vectors, which includes a few social engineering techniques, can also be performed
- Application Penetration Testing – This process Involves in-depth testing of applications (web, database, software, mobile), reverse engineering, and identifying/exploiting vulnerabilities in order to gain unauthorized access to data.
- Social Engineering – Involves testing an organization’s information security awareness and employee training by hacking “people” in order to gain sensitive information. Examples: phone and email phishing, social networking, impersonation, etc.
- Physical Security Testing – Involves testing an organization’s physical security controls and defenses by breaching facilities and gaining physical access.
- Red Teaming – A penetration testing method that truly takes on the real world “hacker” perspective and tests an organization’s complete security defenses and incident response. A red team exercise involves “Blackbox” testing, having limited knowledge of the target’s defenses, and utilizes multiple physical, social, and network attack vectors to obtain a goal. More evasive hacker techniques are used in order to test the preventative, monitoring, and incident response effectiveness of an organization.