Penetration Testing

Cyber security

Have the weaknesses in your information system, application, or network identified. Stay one step ahead of potential intruders.

Penetration testing, often referred to as pentesting, is the process of testing information systems, applications, or networks to identify and exploit security weaknesses. This type of testing is conducted from the perspective of a potential attacker who attempts to penetrate the system or application to gain unauthorized access or exploit data.
Our testing is based on methodologies such as OSSTMM and OWASP.

Penetration tests can be categorized into two main types based on their intent: internal and external.

Internal Infrastructure

1. Identification

The first phase of penetration testing involves identifying targets, the environment, and searching for vulnerabilities. We test security weaknesses related to software bugs, configuration, and service design.

2. Attempts to breach the system

The next phase focuses on attempts to breach the identified systems and services and escalate privileges. We use various methods, including password attacks and other exploits.

3. Domain compromise

Finally, we attempt to compromise the company’s domain, trying to escalate privileges to the level of domain administrator using various attacker techniques.

External Infrastructure

An external test simulates an anonymous attacker’s attempt to penetrate the company’s network from the internet. The goal is to bypass security measures, exploit vulnerabilities, and gain unauthorized access to the network or cause service unavailability. Typical targets of external tests include DMZ, email servers, DNS servers, web servers, and web applications.

1. Scanning open ports

The first phase involves scanning for open ports and running services and identifying the operating system and software versions, using both system tools and automated scanners.

2. Vulnerability identification

Based on the gathered information and scans, the next phase identifies vulnerabilities and attempts to exploit them, utilizing commercial vulnerability scanners and proprietary tools.

3. Gaining access and control of the target

The final phase aims to achieve access and control of the target, potentially leveraging compromised devices for further attacks on other systems within the network.

Conclusion of internal and external penetration tests

After each penetration test, there is an important documentation phase where all steps of the testing process are carefully documented. This document includes a detailed description of all identified vulnerabilities and their evaluation according to the CVSS classification, allowing the organization to accurately assess their severity and prioritize subsequent steps within the system’s security framework.
