Offensive Security service, or “penetration test”, is an assessment that evaluate the security of an IT infrastructure by safely simulating a real-world hacking scenario. The ultimate goal is to help identify specific risks which, when addressed, will positively impact on your overall security.
xfiltrated’s background include years of experience hunting vulnerabilities on :
- Applications Web, mobile, desktop and server.
- Security devices and systems Turnstiles, webcams ecc…
- Large public and internal networks external network perimeter or intranet networks.
- Wireless and IoT devices and various new toys
- Phisical buildings Like critical places, banks and Server farms
Penetration tests are customized to your environment; no two assessments are ever the same.
Almost all of the activities can be approached in three different ways:
- BlackBox simulate an external hacking or cyber warfare attack, in this scenario your attacker has no knownledge about the target.
- GreyBox simulate an internal hacking or malware attack, in this scenario the attacker will know some information about the target.
- WhiteBox this kind of tests will involve full-knownledge of the target, also code-review activities could be involved.
Every approch goal to provide a detailed report about all the vulnerabilities found during the activity, their risk and impact, description of the attack and the required fix/solution steps.
Depending on the deep-level of the assessment vulnerabilities could be exploited in order to determine the real risk of the threat for the business and possible ways for an attacker to pivot inside the intranet network from the compromised systems.
During the assessment xfiltrated appreciate contact to the development team in order to discuss bugs, vulnerabilities and solutions, this methodology will let you get the most critical vulnerabilities fixed and re-checked before the end of the activity.