An external penetration test will assess the external security by simulating a malicious actor attempting to gain access to the internal network. Through open source intelligence and enumeration, we will determine the company’s internet footprint and attack surface revealing any potential security shortcomings. Our testers will then attempt to breach the external network through phishing, unpatched systems, weak or breached credentials, and vulnerable web applications.
An internal penetration test will assess the security of the internal network. We gauge this by simulating a malicious actor who has gained low privileged access to the network. Our testers - given the low privileged access - will attempt to pivot to privileged networks and systems and gain domain administrator privileges by exploiting unpatched systems and misconfigured network settings.
The threat hunt will identify evidence of an ongoing compromise to the network with a focus on internal to external communications. Network taps will be used to passively collect all network traffic. After data is collected, it will be analyzed using open source software to determine the existence of any network threats.