Define project scope, goals, and rules of engagement.
Perform reconnaissance against a target to gather as much information as possible to be utilized when penetrating the target during the vulnerability assessment and exploitation phases.
Analysis of business assets, business processes, threat communities, and threat capabilities to identify the organization’s appetite for risk and prioritization of vulnerabilities.
Discover flaws in systems and applications which can be leveraged by an attacker. Flows can range from host and server misconfiguration to insecure application design.
Focus solely on establishing access to a system or resource by bypassing security restrictions. The main focus is to identify the main entry point into the organization and to identify high value asset targets.
Determine the value of the compromised machine and maintain control of the machine for later use. Identify and document sensitive data, configuration settings, communications channels, and relationships with other network devices that can be used to gain further access to the network.
We report the findings of the Penetration Test. The intended audience are those in charge of oversight and strategic vision of the security program, as well as any members of the organization who may be impacted by the identified/confirmed threats.