Offensive Security

Penetration Testing

What does it mean?

Penetration testing is a vertical, in-depth operation in which we attempt to reach the deepest level of the target system that we can. To do this we select the vulnerabilities that give an attacker the most advantageous position for further exploitation.

The procedure

After a detailed inspection of the target system, our professionals exploit the identified vulnerabilities to determine what an attacker could achieve:

  • how deep into the system they could infiltrate
  • what data they could acquire
  • whether they could execute malicious code, open a backdoor and thus establish a persistent presence
  • given the above, the scale of the attack they could carry out

Expected Results

As a result, you get a comprehensive picture of how effective your information security controls are and of the ways in which the existing vulnerabilities could be exploited. In addition, we provide help with correcting the non-conformities found.

  • Reconnaissance
  • Manual and automated testing
  • Validation
  • Exploitation of vulnerabilities
  • Attack modelling
  • Risk Assessment
  • Reporting

OSINT

What does it mean?

Open Source Intelligence (OSINT) based information gathering is a survey of an organization's online presence, based on the analysis and correlation of data collected from the Internet and other sources.

Expected Results

You get a complete picture of your company's Internet presence, its possible relationships, and the information about the organization that is available from public sources (employees, company data). In addition, you learn whether sensitive information about the company (email addresses, passwords, etc.) can be found online.

The result of the process is a correlation report that describes which information can be extracted from which sources, and which direct and indirect relationships exist or can be established between them.

The procedure

During the process, we search for all relevant information regarding the target (social media, job postings, websites, news portals, the corporate website(s) on the clear web, any additional data on the dark web, etc.), which is then subjected to correlation tests and analysis.

Industrial Control System Assessment

ICS, SCADA

For industrial control systems (ICS, SCADA), safety is a basic requirement, as they manage critical processes and equipment. SCADA systems consist of HMIs (Human Machine Interfaces) and programmable logic controllers (PLCs) that monitor and control industrial operations, together with supporting systems such as the IT network, web servers and databases, all operating in a common environment.

PLC

A programmable logic controller is an industrial computer with input/output and communication ports, used primarily to control industrial equipment. It is typically programmed in a higher-level language (for example ladder logic or structured text) running on an internal operating system. Structurally, compact and modular PLCs are distinguished.

HMI

A Human Machine Interface (also called a Human Machine Operator Interface) is normally a terminal with an LCD display and operator input devices. Its task is to provide interaction with the equipment and feedback on its parameters, status and messages.

The procedure

The assessment is performed either in a test environment or, with restricted testing, in a strictly controlled live environment, since active scanning and probing can disrupt fragile controllers and the processes they run.

  • Reconnaissance of network and attached devices
  • Analysis of network separation, border protection solutions, identification of potential vulnerabilities
  • Examining the services, protocols, and communication directions used by given devices
  • Detection, analysis and validation of PLCs, RTUs, ICS-specific routers and switches, HMIs and other devices
  • Identification of OS and application layer vulnerabilities
  • Reporting

Expected results

As a result, you receive feedback on the IT security situation of your industrial control system and, for any non-conformities found, suggestions for fixing them, thereby improving the security of your IT environment.

Social Engineering

What does it mean?

In the course of social engineering, an attacker strives to gain access to systems through the employees and the information they possess.
Both attack vectors (human and digital, described below) exploit basic human nature, including helpfulness, empathy and conflict avoidance. No matter how advanced the security of a system is, if the information security awareness of its users is inadequate, the level of protection is significantly reduced. A social engineering engagement measures the security 'maturity' of employees and of physical protection.

Human Social Engineering

  • Shoulder surfing – peeking at information on screens and documents
  • Tailgating – entering a secured area behind an employee
  • Dumpster diving – going through office waste
  • Baiting – planting storage media (e.g. USB drives) for employees to find and plug in
  • Manipulation – disinformation and pretexting

Expected results

As a result of the investigation, you will get a comprehensive picture of your employees’ information security awareness, the state of physical and logical protection, and the level of adequacy of incident management.

Digital Social Engineering

  • Phishing – fraudulent attempt to obtain sensitive information
  • Spear phishing – phishing aimed at pre-selected targets
  • Whaling – like spear phishing a specific group is targeted, but in this case it is the management level
  • Vishing – voice phishing, carried out by telephone
  • Pharming – redirecting the user to a fake page without their knowledge (typically by manipulating DNS or name resolution); unlike phishing it requires no action from the victim
  • OSINT – collecting information from publicly available sources

Vulnerability Assessment

What does it mean?

A horizontal test during which we uncover and identify the weak points of the target system that are open to attack. An in-depth investigation is not part of the test: the discovered vulnerabilities are validated, but not exploited further.

Types of the Assessment:

  • Website / Web application inspection
  • Network (LAN, WiFi)
  • Mobile application
  • Software inspection

Expected results

You get an extensive picture of the vulnerabilities present in your system. In addition, we provide help with fixing the issues.

  • Reconnaissance
  • Manual and automated testing
  • Validation
  • Risk Assessment
  • Reporting

Red teaming

What does it mean?

A testing methodology that combines the complete service set of the Offensive business line, from OSINT information gathering through penetration testing to social engineering.

A well-designed information security system combines physical security, communication security, and computer and network security controls. To achieve this, measures must be put in place to prevent unauthorized use of the company's information resources and unauthorized access to sensitive data assets.

This service feeds into risk management, which aims to determine the company's risk rating and its vulnerabilities relating to technology, employees and facilities.

The procedure

Red teaming involves a series of coordinated and parallel attacks:

  • OSINT Information gathering
  • Vulnerability assessment and Penetration Testing
  • Social Engineering

Expected results

The purpose of the attacks is to identify real threats that a malicious attacker could exploit to leak data and compromise the entire system or network.

As a result of this operation, physical, hardware, software and human vulnerabilities are identified, the company's risk level is better understood, and suggestions for correcting the recognized non-conformities are developed.