Our penetration testing engagements identify threats to your organization, key assets that may be at risk, and the threat agents that may attempt to compromise them. Each engagement is customized to your requirements and may span from breaching a single host to gaining deep network access.
We begin by identifying assignment objectives, as well as the attack vectors and scenarios that we’ll use. Throughout the engagement, we provide ongoing status reports, immediate identification of critical risks, and knowledge transfer to your technical team. At the end of the process, we ensure you have a complete understanding of the exploitable vulnerabilities in your environment and recommended remediation strategies.
Three phased approach to our penetration methodology
- Network mapping and host discovery
- Service identification, vulnerability scanning, and web application discovery
- Identification of critical systems and network protections
- Research exploits and attacks based on enumerated information
- Active exploitation of vulnerable systems and applications
- Manual testing tailored to the deployment and business purpose of the target
- Escalation of privileges and compromised credentials
- Use of compromised systems to gain access further into the network
- Attempts to access business-critical systems or information to demonstrate impact