PENETRATION TESTING

Testing the Security Controls of your Corporate Infrastructure

Our Methods

Our Penetration testing has 6 primary steps: Reconnaissance, Vulnerability Detection, Exploitation, Gaining Privileged Access, Keeping Access, and Covering your Tracks.

The Penetration testing deliverable is a report of the exercises attempted and their results. It also should have a set of remediation recommendation to help close the exploits that were successful. Additionally, there should be documentation of unsuccessful results such as screenshots, tool outputs, text files, spreadsheets, and other forms of notes and results discovered. This provides the tester with repeatability and re-examination information that can reduce costs for future tests.

our methods

Your organization’s Security is too important to risk

Benefits

Every system has vulnerabilities.  Find your corporation’s weaknesses and fix them before the wrong people do.

We assist mid to large organization’s IT security groups look for and find the plausibility of exploitations from things such as defense-in-depth solutions.

Knowledge

Penetration testing provides the organization with the process of what an attacker would attempt when given the information you provided during the scope of the system to test.

Insight

It provides you a better understanding of your ability to be compromised.

Awareness of Exploitation

Penetration testing confirms the system is exploitable. It does not confirm the system is not exploitable because it is about the tester’s ability and not necessarily the security controls deployed by the organization.

Working Plan

Penetration testing results provide a path to fix the most pressing weaknesses to the system.

Awareness of Vulnerability

Penetration testing exposes the most vulnerable components of your system.

Meet Regulatory Compliance Requirements

System owners with requirements for 3rd party validation or who need to meet regulatory compliance requirements can obtain validation through intrusion detection system (IDS) testing or a defense-in-depth strategy development.

How we do it

Duffy Compliance Services’ (DCS) enterprise management application ensures compliance

How Service is Conducted

Penetration Testers should document everything they do especially on successful exploits where they will continue down the testing process.

Deliverables

  • Scope of the Test (Goals, Objectives, limitations, restrictions)
  • Type of Test (Black, White, Grey Hat)
  • Boundaries of the Test (Net Ranges, Domains, Hosts, Applications, etc.)- Attack Surface
  • Roles and Responsibilities (POCs, Support for device crash/locked)
  • Schedule for testing (Dates and Times or unknown)
  • Pen Tester – Reconnaissance (what to use before system touch)
    System search for vulnerabilities
  • Creating exploits and payloads for stealth and improved probabilities
    Exploit weaknesses for first access – repeat with new options or move on to next vulnerability if unsuccessful
  • Exploit systems for second level access (privileged access)
  • Create backdoors or simpler access methods to return to the device
  • Delete events and logs and other traces of original attack and suppress (hide) information about current access methods

Why Choose us?

The ability to turn the pen test results into something the client can understand

Tests for:

Healthcare practices
Entertainment organizations
Government Contractors
Government Agencies

System Experience:

Security Architecture – Freddie Mac, NGMS, GD C4S, NCI, IBM Global Services
Security Products – Fortinet, Rapid7, Dell SonicWall, Shiva/Intel VPN, Tenable, SAINT, Qualys
Open Sourced – Kali, OWASP, Metasploit, Kismet, etc.
Wireless – Bluesocket, Fortress

Penetration Testing is a full spectrum, black to white box testing of your environment. You systems include the wired and wireless networks, applications, devices, and even personnel. The result is to find vulnerabilities an attacker could exploit and see how your security controls respond.