Goal-oriented

Penetration testing identifies the specific vulnerabilities and cyber security risks that can lead to a compromise of the customer's business or mission objectives and adversely impact the organization.

The primary goal should be based on the impact on the target organization if it were compromised, not on compliance. Compliance should be a secondary goal.

Penetration Testing

A penetration test is an attack on a computer system to find cyber security weaknesses and potentially gain access to it, its functionality, and its data. Penetration testing is not merely checking for unpatched systems; it takes the work to the next level, exploitation, and then pivots from there.

We test the cyber security posture and capabilities of the target organization.

Testing Benchmarks

Information Gathering

The ability of the customer to detect and respond to information gathering.

Infiltration Attacks

The ability of the customer to detect and respond to infiltration (attacks).

Foot Printing

The ability of the customer to detect and respond to footprinting.

Vulnerability Analysis

The ability of the customer to detect and respond to scanning and vulnerability analysis.

Data Aggregation

The ability of the customer to detect and respond to data aggregation.

Data Exfiltration

The ability of the customer to detect and respond to data exfiltration.

Compliance Does Not Equal Secure.

For best results, we like to test from all angles, not just the typical “from the Internet only.” Most attacks come from within: disgruntled employees, a guest on the network, or even a college intern that does nothing but social media all day. The risk is not only from malicious users on the inside; even the best-intentioned employee may bring a personal laptop in to use on lunch break.

Penetration Testing Process

Define parameters of penetration testing

  • Discuss risks and assumptions
  • Generate list of “must be scanned” network resources
  • Generate list of “must NOT be scanned” network resources
  • Set Pen Test goals
  • Rules of Engagement
  • Discuss current technologies in place that may affect the outcome

Intelligence Gathering

  • Target selection
  • Open Source Intelligence Gathering (Corporate & Individual)
  • Covert Gathering
  • Footprinting (Services Enumeration, Operating System Fingerprinting)

Threat Modeling

  • Gather relevant documentation (data, policies, technical info)
  • Business Process Analysis
  • Identify and categorize primary and secondary assets
  • Threat Capability Analysis

Vulnerability Analysis

  • Testing
  • Active
  • Passive
  • Validation
  • Research

Exploitation

  • Vulnerability execution against all nodes
  • Evasion techniques
  • File access and command execution
  • Local information gathering
  • Privilege escalation
  • Pivot point assignment
  • Local service exploitation
  • VPN man-in-the-middle attack
  • Network packet capture and password sniffing
  • ARP poisoning
  • Wi-Fi Exploits (WEP, WPA2-PSK, WPA-ENT, Evading EAP/TLS)
  • Web application and SQL penetration testing
  • Zero-Day exploits (Fuzzing, Physical Access, Traffic, Attack the user)

Cleanup & Report

  • Back out escalated access
  • Local agent removal
  • Create report on all exploited systems
  • Create report with remediation