Penetration testing

Hacker attack simulation

Penetration testing assesses the security of your IT infrastructure, systems and applications by simulating a hacker attack. While using the same procedures and tools as a real attack, penetration tests have a clearly defined test subject and may exclude actions that could damage the tested system. When testing, we follow appropriate standards such as OSSTMM, PTES and OWASP and use professional tools such as Qualys or Burp Suite.

What you will get:

  • We uncover weaknesses in system security that could be exploited in a real attack
  • We assess the level of security risk in your company
  • We create a comprehensive report that includes a management summary as well as a detailed analysis and corrective actions for each security weakness identified

What can we help you with?

  • An external penetration test

    simulates an anonymous attacker from the Internet. It tests network perimeter security and identifies vulnerabilities in other customer systems that are accessible from the Internet. The scope of the test can be strictly defined by the customer (e.g. an IP range), or the test can include an open-source intelligence (OSINT) analysis.

  • An internal penetration test

    focuses on an internal network that is not directly accessible from the Internet. It simulates an attack from the point of view of an attacker who has gained access to the internal network (e.g. via malware in an email attachment, or it may be an attack by a regular employee or contractor). Testers may be provided with a remote connection via VPN, or testing may take place at the customer’s site. Testers may also be provided with a regular user account in the domain to simulate, as realistically as possible, an attack by a user or by malware running on a regular user workstation.

  • Web application testing

    combines both automated tools and manual testing to identify as many security flaws as possible and their impact. Testing can be performed from the perspective of an external attacker as well as a regular authenticated user. In this process, we rely mostly on the OWASP Web Security Testing Guide methodology.

  • The wireless network penetration test

    simulates an attack on Wi-Fi networks. It examines the security mechanisms used to protect data from unauthorized access over a Wi-Fi network. Tests may include password cracking attempts or an audit of the wireless network's isolation from the rest of the infrastructure. Due to the nature of the tests, they are performed at the customer’s premises.

  • Penetration tests of mobile applications

    for Android and iOS examine how mobile applications withstand non-standard user actions and how they secure stored data and transmitted communication, including possible attacks on the API backend server. The testing methodology follows the OWASP Mobile Security Testing Guide.

  • The phishing campaign

    targets employees, who are usually the weakest link in information systems security. Phishing emails use social engineering techniques and attempt to trick users into taking an action (visiting a website, providing login credentials, or executing a file). A simulated phishing campaign is a practical part of IT security training for users. It gives users the opportunity to learn about the potential risks through practical examples and to learn how to recognise suspicious emails.

With or without information

We also distinguish penetration tests by how much information we have about the system being tested.

  • Black-box: no additional information, just a defined test subject (scope)
  • Grey-box: basic information available about the system structure and components used, typically a user account
  • White-box: detailed information about the structure and configuration, often admin access or application source code available

How will this work?

First, we agree with you on the testing approach that best meets your requirements. The actual techniques of the penetration test then depend on what is being tested. These are similar to the techniques used in an actual cyber attack. Our emphasis is mainly on manual testing that takes advantage of the knowledge and experience of ethical hackers. Unlike vulnerability scanning, which only serves here as a possible source of information, penetration testing can reveal more complex vulnerabilities and more accurately assess their severity.

In simplified terms, penetration testing can be divided into several phases:

  • The pre-implementation phase consists mainly of project preparation and communication with the customer.
  • Information gathering involves scanning the network and identifying active services; in some cases, it may also involve so-called OSINT analysis, where potentially useful information (email addresses, subdomains or leaked login credentials) is searched for on the Internet.
  • Vulnerability analysis mainly involves scanning for known vulnerabilities using an automated tool.
  • Exploitation of the vulnerabilities found simulates the next phase of the attack, which consists of an attempt to penetrate the system under test. It also covers the elimination of false positive findings from the vulnerability scan and a manual search for additional threats.
  • Impact identification means identifying what an attacker could achieve if a vulnerability is successfully exploited and then assessing the severity. This may involve, for example, further penetration of the tested system through privilege escalation, obtaining login credentials to other systems, or controlling other devices on the network. Should this involve uploading tools to other computers or creating new accounts, these artefacts are deleted before the end of testing.
  • Preparation of a final report that includes both a brief executive summary of the findings and a more detailed technical section describing the vulnerabilities found, the possible exploitation process, and recommendations for mitigation. If necessary, the customer can consult us on any follow-up questions or recommended further action.
  • A retest is an optional component that verifies that the vulnerability has actually been removed as a result of the corrective action.

Get in touch with us.

Our cybersecurity experts are ready to help you.