Internal Penetration Testing

Internal penetration testing simulates the actions of an internal hacker. It helps identify IT security issues so that they can be successfully eliminated.
It includes:

  • discovery
  • vulnerability analysis
  • exploitation of vulnerabilities
  • privilege escalation and maintaining access

External Penetration Testing

External penetration testing simulates a real attack from the Internet. It helps identify IT security issues so that they can be successfully eliminated.
It includes:

  • discovery
  • vulnerability analysis
  • explanation of vulnerabilities
  • privilege escalation and maintaining access

Web Application Analysis

During Web Application Analysis we provide:

  • automatic scanning
  • manual scanning

In any kind of testing, we always find at least one security breach listed in the OWASP Top 10 and provide a detailed report with recommendations for the IT department.
On average, 70% of web applications contain critical-level vulnerabilities. Ignoring these security weaknesses allows attackers to fully compromise the application, gain access to sensitive data or even take control of the server.

Mobile Application Analysis

Many mobile applications handle sensitive data, so it is very important to pay attention to application security.
Even if an application does not manipulate private information, it could still be attractive to some hackers.
Our goal is to find all breaches and information leakage within the mobile application.

We work with different mobile operating systems, such as Android and Apple iOS.

Internal Vulnerability Assessment

Internal Vulnerability Assessment is meant to identify, quantify and prioritize vulnerabilities in the customer’s internal infrastructure from the side of the user segment.

During an internal assessment we perform:

  • host identification and OS detection
  • enumeration of open ports
  • services enumeration
  • vulnerability analysis

External Vulnerability Assessment

External assessment is meant to identify, quantify and prioritize vulnerabilities in the customer’s segment that is exposed to the Internet.
During an external assessment we perform:

  • host identification and OS detection
  • open ports enumeration
  • services enumeration
  • vulnerability analysis

Social Engineering Testing

“Social engineering has become about 75% of an average hacker’s toolkit, and for the most successful hackers, it reaches 90% or more” © John McAfee
During a social engineering attack, we use various methods to obtain confidential information from employees. This makes it possible to understand employees’ level of awareness of information security issues.

Incident Investigation

Incident investigation is a process for reporting, tracking, and investigating incidents, which prevents recurrence and helps to achieve safer workplaces.

It includes a detailed investigation of the incident, determining its level of danger, the malware used and the boundaries of the attack, or analysis of individual artifacts obtained during the incident (for example, samples of malicious software).

Source Code Audit

Source code audit, well known as “White box” testing, is a type of testing that helps find hidden problems in an application.

A common situation is that an application’s developers forgot to remove some functions that were used during the testing phase.

A source code audit can guarantee that insecure code will never be pushed to production. This type of testing can also prevent backdoors.

Red Teaming

Red Teaming is a process of continuous imitation of targeted attacks on a company using the most advanced methods and tools from the hacker’s arsenal.

If the company already has multi-layered protection, most of its InfoSec processes are in place and, most importantly, a monitoring and response system has been created, it makes sense to conduct Red Teaming.

In simplified form, the task reduces to checking the monitoring system: how quickly and accurately the company can detect the attacker’s actions, whether it tracks all of the significant events of the attack, and how fast the Security Operation Center (SOC) reacts.

The Red Team stealthily analyzes the company’s system in various ways while the Blue Team monitors everything that can be done. The results are then collected: the findings of the Red Team and the monitoring work of the Blue Team. Then the Blue Team begins taking countermeasures, and the Red Team tries to get around them and achieve the same results.