Penetration Testing Services

Social Engineering - Red Team Testing - Physical Penetration Testing - Internal and External Pen Tests

Penetration Testing

Conducting penetration testing to test your cyber defences for weaknesses is very important. It is also a requirement for some types of organisations. Having a penetration testing system based on industry standards, along with techniques honed over years of experience, provides our clientele with consistent results. Beginning with an understanding of your organisation and its operations, we come up with a list of likely threats that you may be exposed to.

This understanding will then give us enough information to begin our penetration test and attack the defences just like a malicious actor would. We do not deploy vulnerability testing only; we also use tools developed by our team. Thorough reports are provided upon conclusion of both one-off assignments and our ongoing managed service, which include recommendations to strengthen your security, policies and procedures.

Social Engineering Testing

One of the most successful methods spies and criminals use to gain access to a company is social engineering. Social Engineering Testing is a part of penetration testing that aims to identify and validate weaknesses associated with your staff’s ability to abide by detailed policies and methods. An attack is usually carried out by someone who intentionally influences a staff member’s judgement or general interest.

How we can help

Advances in computer and information security have made it increasingly difficult to hack into an organisation. Network defences, encryption and detection systems have forced cyber attackers to find easy targets. These targets are usually staff who may unknowingly divulge sensitive information. This could be at a social gathering, or by placing a USB drive that they found with their company branding on it into their computer, thus infecting it with a Trojan.

Common methods social engineers use are:

  • BAITING – whereby the attacker leaves an infected peripheral such as a USB memory stick in a common staff area in the hope a staff member inserts it into their computer or hands it to the IT department.
  • TAILGATING – whereby an attacker follows another staff member into a secure area before the door has closed.
  • PHISHING – whereby an assailant sends an email masked as another staff member or a genuine source and directs the staff member to open the infected file or follow a link.
  • PRETEXTING – whereby the attacker persuades a staff member to hand over restricted material by mimicking someone else.

By testing and measuring your staff’s response to external emails and calls, analysing and measuring the physical security in a sensitive area of your company, or conducting a controlled baiting exercise to see the extent of the staff’s security awareness, our experts are able to secure your intellectual property and trade secrets to give you peace of mind.

Red Team Testing

What is a Red Team? A Red Team is a group of experts who act like motivated attackers. Their objective is to test the security of an organisation. All aspects of security are tested, including physical, cyber, information, operational, and social engineering. The Red Team essentially needs to gain access to a part of a facility undetected, by any means possible, then report on all vulnerabilities and risks found. We would then implement security measures based on our recommendations.

Other types of penetration tests focus on one type of security control, whereas a Red Team focuses on gaining access.

A Red Team will encompass a variety of exercises, all with the authority of the client:

  • Surveillance and reconnaissance
  • Social engineering
  • Site inspection and assessment
  • Physical penetration
  • Access pass duplication
  • Picking locks and more

Physical Penetration Testing

Conducting physical penetration testing of a facility or office ensures the proper controls are in place to protect your organisation and its data and assets. Having the greatest cyber security plan in place without securing your premises physically is akin to letting an attacker bypass security by going through a side door that is not secure. Our professionals assess the physical structure such as doors and locks, access control, unattended areas, monitoring of the flow of people in and out of the premises, and so on.

Once this assessment is complete, our penetration testers will use multiple methods to try and gain access into the premises, such as social engineering, cloning access cards, tailgating employees, USB drops, disabling CCTV cameras, and the evasion of alarms. A report along with recommendations on how to mitigate any risks will be presented upon completion of the test.

Internal Network Penetration Testing

An internal network penetration test is utilised to test what could happen in the event a disgruntled employee attacks the internal network, or if an external attacker has gained internal access. The way in which an attacker gains access could be as simple as sending an infected link in an email to a team member who inadvertently clicks on the link, thus allowing the attacker a way in. The test is very similar to the way an external network penetration test would occur; however, in the internal test the attacker has internal access.

Our examiners check computer systems, scan computer ports, review application and software security, and examine outdated systems that are not supported, account and password weaknesses, anti-virus and anti-malware systems, and the human element.

External Network Penetration Testing

Just like an internal network penetration test, an external test checks what an attacker could potentially gain access to with limited knowledge of the organisation’s network and computer systems. The goal is to confirm whether any devices or hosts available from the internet within a set IP block allow an attacker a way into the network.