Penetration Testing

Identify risks to your organisation from unknown vulnerabilities in your custom applications, network configuration, legacy systems and outdated policies. We gather intelligence, run automated tests and manually search for weaknesses, assessing the consequences when we find them.

How does it work?

  1. A meeting to discuss why you want a pentest and what insights you want to gain from it.
  2. We carry out a range of checks to identify potential weaknesses in your systems and procedures. This may involve gathering intelligence from public records and social media, discovering your computer systems, and establishing the main threat actors and their capabilities.
  3. The active exploitation phase is where we try to use the potential vulnerabilities we've found to gain access to your organisation, then carry out any additional steps you'd like us to. There will always be an open line of communication in case of any unforeseen issues.
  4. We report back our findings and recommend remedial action. We use a two-part report: the first part is designed for executives and senior leaders to understand the risks to the organisation, and the second part is the technical report detailing exactly what we found, how we found it and how to mitigate it.

Our Penetration Testing service is tailored to your specific needs. Contact us today to discuss your requirements.

Our Penetration Testing Process

We use the 7-step Penetration Testing Execution Standard as the basis for our approach, but crucially we provide ongoing remediation guidance via our Advisory Service.

Pre-Engagement

We'll meet with you to understand the reason for the penetration test and what you want out of it. Some clients want exceptionally thorough tests to identify nearly every conceivable risk, whilst others want a check of common weaknesses that cannot be achieved with a vulnerability scan alone. This stage is to ensure there is common understanding of:

  • Scope: what needs to be tested, what we can do and what we cannot do
  • Timeframe and budget: how quickly and how thoroughly
  • Rules of engagement: testing timeframe, permission, legal considerations and anticipated issues
  • Communication channels: keeping in touch should there be any issues or changes needed to the testing plan
  • Incident handling: how we handle and can assist in any incidents during the testing

Intelligence Gathering

We gather intelligence about your organisation from a range of sources that allow us to:

  • Select targets that are in scope
  • Evaluate Open Source Intelligence from social media, legal records, contracts, financial reports, physical locations etc.
  • Gain further intelligence via covert methods including assessing physical security, radio frequency scanning and employee behaviours
  • Identify the organisation's footprint - IP ranges, domain names, DNS records, open ports and software versions
  • Understand existing protection mechanisms - Firewalls, packet filters, antivirus, and detection and response solutions

Threat Modelling

We'll discuss with you your assets and processes, and their relationship to potential attackers and their capabilities.

  • Assets include your organisation's data, policies and procedures, the data managed on behalf of others and human assets that can be manipulated to reveal information or act against the organisation's interests
  • 'Processes' include the processes themselves and anything supporting them like technical infrastructure, information assets, internal human assets and external organisations
  • Threat agents are those that could pose a risk to your organisation, which could be internal (e.g. employees, management, IT experts) or external (e.g. suppliers, customers, organised crime groups, recreational hackers). In each case we identify their potential motivations
  • The capabilities of threat agents can be wide ranging so we analyse the tools known to be in use, their communication methods and how much access they have to the organisation

Vulnerability Analysis

A large portion of pentesting is identifying potential vulnerabilities. We use automated tools such as vulnerability scanners to assist in the early parts of this phase, but significantly extend this via manual testing, creating attack trees and evaluating the exploitability of identified vulnerabilities. When trying to find vulnerabilities in web applications we follow the guidance in the OWASP Web Security Testing Guide.

Exploitation

This phase is what people often think of when discussing pentesting - proving that the potential vulnerabilities can be used in practice to gain access to an organisation. Depending on the specific assignment this may involve using known exploits that can be easily deployed, creating custom exploits, social engineering, bypassing physical security and evading intrusion detection systems and antivirus software.

Post-Exploitation

Once we've gained a foothold into your organisation, we then evaluate what we can do. The biggest question is usually "How much damage can we do?". We may be able to find further information about your infrastructure which may then lead to further routes of attack. We may be able to steal data or disrupt your services. We may gain knowledge of high-value targets whether digital, physical or human. We may be able to set up additional routes of external access to allow an attacker back into your network anytime they want.

All of this would take place in line with any agreement made at the pre-engagement phase. If you allow us to make changes to your systems, we will keep records of exactly what we've done to allow for clean up after we've proven exploitation is possible.

Reporting

The main aim of penetration testing is to identify risks to your organisation so you can mitigate them before your adversaries have the chance. Our reports have two main sections:

  • Executive summary that is designed for senior leaders to understand the context of the test, the risks identified, the potential impact on the organisation and high-level recommendations for remediation.
  • Technical report that describes the scope, vulnerabilities identified, attack path, technological impact and detailed technical remediations.

Remediation

We'll remain available to discuss remediation actions with you, and via our Advisory Service provide guidance on the most appropriate way to correct any issues we identify.

Ready to discuss a pen testing assignment with us?

Our penetration testing services are tailored to the requirements of each assignment. Contact us today for a quote.