Prior to a test, our team discusses the requirements for your device, network or infrastructure assessment to define the scope of the test.
This is followed by service enumeration, network mapping, banner reconnaissance, and threat identification.
Our team members use both private and public methods of intelligence gathering to develop the foundation for attacks. Information is collected from multiple relevant sources pertaining to the target organization. Information of email addresses, phone numbers, previous data breach credentials, web or mobile applications along with API endpoints is collected during this process.
The attack strategy is planned at this stage. The approach is based on the information gathered in the previous stage and includes identifying subdomains hidden environments, analyzing cloud services for possible misconfigurations, checking authentication forms for weak or default credentials and crafting other attack scenarios
The information and intelligence gathered in the previous stages are used to launch a host of attack options across all relevant vectors. Execution includes exploiting previously identified vulnerabilities, compromising systems, exploiting client-side vulnerabilities, targeting personnel using social engineering methods, etc
Our reports provide both executive level information down to the technical details required. Each is customized to the specific scope of the engagement and outlines any vulnerabilities discovered and exploited. The reports are designed to be easily digestible but complete in the findings, giving both the exploitation likelihood, potential impact and DREAD risk score
Vulnerability scans look for known vulnerabilities in your systems and report potential exposures. Penetration tests are intended to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets.