Penetration Testing
PENETRATION TEST (ASSUME BREACH)
IT Minister delivers a comprehensive Test of your internal and cloud infrastructure’s and reports on the resilience against modern advanced attackers.
Method:
Based on our specialized knowledge of hacking and techniques to compromise systems and networks, we apply Post Exploitation techniques, in which typical misconfigurations and vulnerabilities in Windows and Linux Enterprise Environments are discovered and exploited in the same manner as modern attackers compromise organizations.
Depending on the maturity of your organization the test can be performed with the sole purpose of identifying misconfigurations and vulnerabilities that will lead to an enterprise security breach. Additionally, we can also assess your Blue Team’s capabilities in detecting well-known attacker techniques used in a cyber security breach. In the latter assessment, attack vectors such as Privilege Escalation, Credential Theft and Lateral Movement can be emulated in close sparring with the Blue Team, to identify potential gaps in their ability to detect such actions.
Indicators of Compromise, both in network traffic and in system memory, may be provided along the test, if relevant for the Blue Team to train their detection capabilities.
An Assume Breach test can therefore be a good alternative for an organization wanting to assess their detection capability, but do not want to perform, or do not have the maturity for, a full scope Red Team test.
The test is carried out with a starting point of a domain-joined computer provided by you along with non-privileged user credentials.
Involvement:
- The delivery requires minimal involvement of your technical staff.
Value:
- Test your infrastructure’s resilience against modern attackers
- Evaluate your security posture and protection of critical assets when your external perimeter has been breached or you have a malicious insider
- Identify misconfigurations, known vulnerabilities and insufficient technical controls on the internal systems and network
Product - Written Report Analysis Containing the Following:
- A non-technical section with an Executive Summary for management and decision makers
- A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the infrastructure
- Recommendations and next steps (if applicable)
Get in touch to learn more in detail about how we can support your cyber requirements.