Nowadays an ever growing number of organizations face various types of cyber threats. Especially organizations that process personal or sensitive information, or work in the financial sector. A security breach in that context can be catastrophic and result in consequences that are close to impossible to mitigate afterwards.
A penetration test, also known as a “pentest”, is the process of simulating an external attacker, performing a cyberattack, in order to assess the vulnerabilities of your system. In the same process, you get to discover how a potential breach would impact your informational security. We differentiate between different kinds of approaches based on how much we know about the organization before starting a test.
A white box test is when we know everything about the system and have access to all the details a developer or sysadmin would have on hand.
A black box test is when we do not have any previous knowledge of the system and we have to figure out the details on the fly.
Other than the previous methods, there are various options in-between, that are valuable when dealing with massively complex systems. We offer internal as well as external testing when needed.
In practice, each pentest has a well defined scope. As part of the scope, we define a list of resources to be tested, including IP addresses, domain names, or any other type of resource that may be relevant.
When needed, we can adept to your organization's needs by testing in pre-arranged time frames, to accommodate what makes sense in terms of server load or service disruption.
After the scope and the conditions are clear, our team of experts start testing your systems, using both automated and manual testing methods, looking for any potential vulnerability.
At the end of the process, you will receive a testing report that contains the various tests we have performed as well as the list of vulnerabilities found. As part of the same report, you will receive assessments for the individual vulnerabilities, that include the description of the Impact, the Severity and (when appropriate) a proof of concept exploit.
Red Teaming is a complex attack simulation exercise, that encompasses a range of our other services into a single package, in order to give you the best insight into your risks and next steps.
More
When it comes to most enterprises, there’s a great deal of information on the web, waiting to be found. Being aware of what is publicly available, helps you prepare your first line of defense.
More
In cases like this, we can perform reverse engineering on malicious software samples that attackers may have used to exfiltrate data from your devices. During this process, we get to understand how the individual malware sample operates and how you can efficiently and securely remove it from your infrastructure.
More
Using reverse engineering, we can assess and inspect various types of software, whose source code is not available. The reverse engineering process can serve a range of goals, including creating documentation for legacy software systems in order to perform integration into modern tools and pipelines. Another goal of the process, can be to audit proprietary applications to look for potential backdoors or vulnerabilities.
More
The point of Social Engineering, is to make sure that not only our devices are secure, but that the human operators and processes can not be circumvented to gain unauthorized access.
More
