Penetration Testing
Penetration testing, sometimes referred to as pen testing, is a valuable way to emulate attacks and determine how resistant your organization’s digital infrastructure is to both insider and outsider threats. Even if you aren’t under any regulatory mandates, penetration testing is worthwhile.
We can:
- Conduct internal network penetration testing on premises
- Conduct internal network penetration testing remotely through use of VPN or an “attack box”
- Conduct external penetration testing on your internet-facing IPs
Our penetration testing attempts to actively exploit vulnerabilities found using commercial scanners, open source scanners, and largely custom scripts. We locate vulnerabilities, validate them and remove any false positives, and then focus on exploiting actual vulnerabilities. We believe a penetration test should incorporate no more than 20–30 percent use of automated tools like vulnerability scanners (depending on the size of the network and the time frame). Our penetration test is focused on a combination of the following:
- Manual testing
- Running custom scripts
- Testing for default username and passwords
- Utilizing collected credentials
- MiTM attacks
- Buffer Overflow Attacks
- SQL Injection Attacks
- Memory Scrapes
- Pass the Hash Attacks
- Web Application Attacks
- Exploiting Unpatched Systems
- More….
Essentially we “look under every rock” and “go down the rabbit hole” to find vulnerabilities and then attempt multiple methods of exploitation. Our overarching goal for our penetration tests is to evaluate and improve the overall security posture of your organization’s network, applications, and web-based applications, so you have a clear picture of where you are susceptible to cyber-attacks.
Additional standalone items related to our penetration testing services:
Client-side Penetration Test: This kind of penetration test is intended to find vulnerabilities in and exploit client-side software, such as web browsers, media players, document editing programs, etc.
Web Application Penetration Test: These penetration tests look for security vulnerabilities in the web-based applications, development applications and programs deployed and installed in the environment.
Remote dial-up War Dial: These penetration tests use custom scripts to look for modems in a target environment, and normally involve password guessing or brute forcing to log in to systems connected to discovered modems.
Wireless Security Penetration Test: These penetration tests involve discovering a target’s physical environment to find unauthorized wireless access points or authorized wireless access points with security weaknesses.