Home
>
Services
>
Security Analysis
>
Penetration Testing

Penetration Testing

Our security engineers will simulate advanced attack strategies to be expected in the real world. Because you can't risk what tools miss.

Scope of Work

Penetration testing is the highest level of security assessment offered. Unlike vulnerability assessments, a penetration test uses ethical hacking techniques to attempt to exploit the weaknesses found in order to measure the severity of these attacks. The difference between a real attacker and our security engineers are the permissions given and the detailed scope of work agreed upon before starting the test. The objective of this exercise is to first identify if an external attacker can infiltrate the network, and if done, what information would be available to them. False positives are eliminated and a Business Impact Analysis is conducted.

Penetration testing requires a high level of expertise and knowledge in order to be successful, going far beyond anything any automated tool can provide. In most cases, a successful penetration tester will have to write custom tools and exploits; thus, extensive programming knowledge and experience are needed. Although the exact scope and length of each test varies, most penetration tests are divided into the following areas:

Reconnaissance

Reconnaissance will begin with techniques that search public registration data, Domain Name System (DNS) server information, newsgroup postings, and other publicly available information to collect information (e.g., system names, Internet Protocol [IP] addresses, operating systems, technical points of contact) that may help the assessor to identify vulnerabilities. During this phase we try to learn everything we can about your organization including employees, security policies, physycal security and infrastructure.

Exploitation

Vulnerabilities encountered are exploited and explored in order to gain access to the internal systems. Beyond engaging the network, This is also includes phishing campaigns, social engineering attacks and much more.

Privilege Escalation

Once a user account has been compromised, the next step is to gain administrative privileges on the systems. This gives us full control of the comproised system.

Clean up and Reporting

After the penetration test is finished, the last phase includes clean up, and the most important part of the excercise: The Report.This report is a step by step detailed guide on how the test was carried out, what vulnerabilities were encountered, how these were exploited (including custom exploit code where applicable), risk factors, information accessed and much, much more.

VSecurity Advantage

  • Exploit Development
     In many scenarios, it is necessary to create custom tools and write custom code. Our experience in exploit development allows us to succeed where others fail.
  • Real World. Real Attackers
    Our team uses all the methods available to a real attacker. These include social engineering attacks, physical penetration attacks, war dialing and more.
  • 0 day attacks
    Our security experts regularly find 0 day vulnerabilities, giving us the upper hand.