Penetration test

“THINK LIKE THE ENEMY”

The Penetration Test (PT) is a cyberattack simulation to your IT infrastructure.

It consists in either automatic or manual methods that run in order to spot as many weaknesses as possible. When it comes to web applications, the Penetration Test is commonly known as WAPT (Web Application Penetration Test).

When the simulation has run its course, the ethical hacking process and each single weakness will be gathered in a report, which will then be handed and explained to the client.

The Penetration Test data usually serve to assess the potential risks of a cyberattack, thus leading the client to consider the appropriate counter-measure if they want to reduce vulnerabilities.

 

Our IT staff is certified:

offsec-student-certified-emblem-rgb-oscp

Here the standard Penetration Test timeline:


SYSTEM ATTACK
1 /2 weeks to run the test


WRITING REPORT
1 week gather the report info


REPORT
1 day to hand the final report to the client

Advanced Penetration Test

“ACT LIKE THE ENEMY”

An Advanced Penetration Test (APT) needs more skills, resources and time than a standard Penetration Test.

Developing a 0-day exploit may become necessary in order to access those systems that seemingly are without weaknesses known to the manufacturer.

A 0-day exploit is an unidentified weakness, i. e. it is still not publicly available in the Web. It becomes rather difficult to protect one’s system from this kind of attack mostly because the very cybersecurity vendors still have little to no awareness of it.

In addition to the PT, the client can request a phishing campaign to be run in order to test the corporate security against Social Engineering attacks.

Social Engineering attacks feed on human interaction and their common aim is to obtain an unauthorized access or info of a target system.

Red Team Assessment

“WE DO NOT CARE ABOUT THE TOOLS BUT ABOUT THE TEAM ”

A RED Team Assessment (RTA), while similar to a Penetration Test, has different aims.

Whereas the Penetration Test is bound to spot as many weaknesses as possible, the RED Team Assessment focuses on how the target system defenses respond to a cyberattack. This means that the client needs to have their own BLUE Team (which can be found even in the standard Network & System Administrator) who will then proceed to spot and set the appropriate counter-measures to the RED Team cyberattack .

The RED Team Assessment timeline significantly differs from PT or APT. A RED Team Assessment could take weeks or months, based on the inherent target system complexities.