OFFSEC

[vc_row][vc_column][vc_column_text]

[/vc_column_text][/vc_column][/vc_row]

[vc_row css=”.vc_custom_1562856023555{background-image: url(https://blackcell.io/wp-content/uploads/2019/07/parrot-1.jpg?id=277) !important;}” el_id=”pentest”][vc_column css=”.vc_custom_1562751244006{padding-right: 10% !important;padding-left: 10% !important;}”][vc_column_text css_animation=”fadeInDown” css=”.vc_custom_1562841978314{padding-bottom: 50px !important;}”]

 

Penetration Testing

[/vc_column_text][vc_btn title=”INQUIRY” color=”primary” align=”center” css_animation=”fadeIn” link=”url:%2Fcontact%23form|||”][vc_empty_space][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInLeft” css=”.vc_custom_1564050022036{border-radius: 2px !important;}”]

What does it mean?

Penetration testing is a vertical, in-depth operation during which we are to reach the deepest level possible in the system. For this, we select those vulnerabilities which result in the most advantageous stance for execution.

[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInLeft”]

The procedure

After a detailed inspection of the target system our professionals  exploit the identified vulnerabilities to ensure attacker:

  • into what depths could infiltrate the system,
  • what data could acquire,
  • whether could execute a malicious code, open a backdoor and thus create a persistent threat being present,
  • regarding the above what would be the scale of the attack one could effectuate?

[/vc_column_text][/vc_column_inner][/vc_row_inner][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInRight”]

Expected Results

As a result, You could get a comprehensive picture of Your information security solutions’ effectiveness and the possible utilization scenarios of the existing vulnerabilities. In addition, we provide help for correcting non-conformities.

[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][cq_vc_timeline roundradius=”medium” ismove=”true”][cq_vc_timeline_item]Reconnaisance[/cq_vc_timeline_item][cq_vc_timeline_item]Manual and automated testing[/cq_vc_timeline_item][cq_vc_timeline_item]Validation[/cq_vc_timeline_item][cq_vc_timeline_item]Exploiting vulnerability[/cq_vc_timeline_item][cq_vc_timeline_item]Attack modelling[/cq_vc_timeline_item][cq_vc_timeline_item]Risk Assessment[/cq_vc_timeline_item][cq_vc_timeline_item]Reporting[/cq_vc_timeline_item][/cq_vc_timeline][/vc_column_inner][/vc_row_inner][vc_separator css_animation=”slideInLeft”][/vc_column][/vc_row][vc_row css=”.vc_custom_1562856044830{margin-right: 10% !important;margin-left: 10% !important;}” el_id=”osint”][vc_column][vc_column_text css_animation=”fadeInDown” css=”.vc_custom_1562843622183{padding-bottom: 50px !important;}”]

OSINT

[/vc_column_text][vc_btn title=”INQUIRY” color=”primary” align=”center” css_animation=”fadeIn” link=”url:%2Fcontact%23form|||”][vc_empty_space][vc_row_inner content_placement=”middle”][vc_column_inner width=”1/2″][vc_single_image image=”297″ img_size=”700×500″ alignment=”center” css_animation=”fadeInLeft”][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInRight”]

What does it mean?

Open Source Intelligence-based information gathering is a survey of the online presence of an organization, based on the analysis and comparison of data collected over the Internet and other sources.[/vc_column_text][vc_column_text css_animation=”fadeInRight”]

The procedure

During the process, we search for all relevant information regarding the target (social media, job postings, websites, news portals, a corporate website(s) on the clear web, and any additional data on the dark web, etc.). which is then subjected to correlation tests and analysis.[/vc_column_text][vc_column_text css_animation=”fadeInRight”]

Expected Results

You can get a complete picture of your company’s Internet presence, possible relationships, information about the organization available from public sources (employees, company data). In addition, you can gain assurance that sensitive information about the company could be found online (email, password, etc.)

The result of the process is a correlation report that contains information about which sources can be extracted, what direct and indirect relationships exist or can be set up.[/vc_column_text][/vc_column_inner][/vc_row_inner][vc_separator css_animation=”slideInRight”][/vc_column][/vc_row][vc_row css=”.vc_custom_1562856064486{margin-right: 10% !important;margin-left: 10% !important;}” el_id=”social”][vc_column][vc_column_text css_animation=”fadeInDown” css=”.vc_custom_1562849211484{padding-bottom: 50px !important;}”]

Social Engineering

[/vc_column_text][vc_btn title=”INQUIRY” color=”primary” align=”center” css_animation=”fadeIn” link=”url:%2Fcontact%23form|||”][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInLeft”]

What does it mean?

In the course of social engineering, an attacker strives to access the systems through the employees and the information they possess. The two vectors of the attack are aimed at exploiting basic human nature, including the use of helpfulness/empathy and conflict avoidance. No matter how advanced the security of a system is, if the information security awareness of the users is inadequate, the degree of protection is significantly reduced. Social engineering measures the degree of ‘maturity’ of employees and physical protection.

[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInRight”]

Expected results

As a result of the investigation, you will get a comprehensive picture of your employees’ information security awareness, the state of physical and logical protection, and the level of adequacy of incident management.[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][/vc_column_inner][/vc_row_inner][vc_empty_space][vc_row_inner][vc_column_inner width=”1/2″][cq_vc_flipbox fronttitle=”Human Social Engineering” backtitle=”Human Social Engineering” backcontentcolor=”#ffffff” backbuttonbg=”#050510″ backbuttonhoverbg=”#050510″ cardstyle=”customized” frontbg=”rgba(0,0,0,0.01)” backbg=”rgba(0,0,0,0.01)” cardborder=”solid” bordercolor=”#607290″ elementheight=”400″]Shoulder surfing – peeking information
Tailgating – entering behind the employee
Dumpster diving – going through office waste
Placing data storages
Manipulation– dezinforming[/cq_vc_flipbox][/vc_column_inner][vc_column_inner width=”1/2″][cq_vc_flipbox fronttitle=”Digital Social Engineering” backtitle=”Digital Social Engineering” backcontentcolor=”#ffffff” backbuttonbg=”#050510″ backbuttonhoverbg=”#050510″ cardstyle=”customized” frontbg=”rgba(0,0,0,0.01)” backbg=”rgba(0,0,0,0.01)” cardborder=”solid” bordercolor=”#607290″ elementheight=”400px”]Phising – fraudulent attempt to obtain sensitive information
Spear phising – pre-selected phishing targeting
Whaling – like of spear phishing a group is a target, but in this case it is the management level
Vishing – voice phishing
Pharming – redirects to a false page without the user’s knowledge, requires no activity from the victim
OSINT – Collecting information from publicly available sources[/cq_vc_flipbox][/vc_column_inner][/vc_row_inner][vc_separator css_animation=”slideInRight”][/vc_column][/vc_row][vc_row parallax=”content-moving” parallax_image=”362″ css=”.vc_custom_1562856102235{margin-right: 10% !important;margin-left: 10% !important;}” el_id=”ics”][vc_column][vc_column_text css_animation=”fadeInDown” css=”.vc_custom_1564057766244{padding-bottom: 50px !important;}”]

Industrial Control System Assessment

[/vc_column_text][vc_btn title=”INQUIRY” color=”primary” align=”center” css_animation=”fadeIn” link=”url:%2Fcontact%23form|||”][vc_empty_space][vc_row_inner equal_height=”yes”][vc_column_inner width=”1/3″][vc_column_text css_animation=”fadeInLeft”]

ICS, SCADA

For industrial control systems (ICS, SCADA), safety is a basic requirement as they manage critical components. SCADA systems feature HMI (Human Machine Interface) and logical controllers (PLCs) that monitor industrial operations and support systems such as the IT network, web servers, and databases that work together in a common environment.[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/3″][vc_column_text css_animation=”fadeInUp”]

PLC

A programmable logic controller that has both input and communication ports. It is primarily used to control equipment for industrial usage. Generally speaking, it uses a higher level programming language, running on an internal operating system. Compact and modular PLCs are distinguished in terms of structure.[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/3″][vc_column_text css_animation=”fadeInRight”]

HMI

(Human Machine Interface or “Human Machine Operator Interface”) is normally a terminal with an LCD display and an operator peripheral. Its task is to provide interaction and feedback on the parameters, status and messages of the equipment.[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInLeft”]

 

 

The procedure

The assessment is done in a test or in a strictly controlled live environment with restricted testing.

  • Reconnaissance of network and attached devices
  • Analysis of network separation, border protection solutions, identification of potential vulnerabilities.
  • Examining the services, protocols, and communication directions used by given devices.
  • Detection, analysis and validation of PLCs, RTUs, ICS-specific routers and switches, HMI and other device OS and application layer vulnerabilities.
  • Reporting

[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInRight”]

 

 

Expected results

As a result, you will receive feedback on the IT security situation of your industrial control system and, in case of any non-compliancy, suggestions for fixing, hence improving the security of your IT environment..[/vc_column_text][/vc_column_inner][/vc_row_inner][vc_separator css_animation=”slideInLeft”][/vc_column][/vc_row][vc_row parallax=”content-moving” css=”.vc_custom_1563776801600{margin-right: 10% !important;margin-left: 10% !important;}” el_id=”redteaming”][vc_column][vc_column_text css_animation=”fadeInDown” css=”.vc_custom_1562851377591{padding-bottom: 50px !important;}”]

Red Teaming

[/vc_column_text][vc_btn title=”INQUIRY” color=”primary” align=”center” css_animation=”fadeIn” link=”url:%2Fcontact%23form|||”][vc_empty_space][vc_row_inner][vc_column_inner width=”1/2″][vc_single_image image=”381″ img_size=”full” alignment=”center” css_animation=”fadeInLeft”][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInRight”]

What does it mean?

A testing methodology-system that includes the complete service set of the Offensive business from OSINT information collection trough penetration testing to social engineering.

A well-designed information security system is a combination of physical security, communication security, computer and network security solutions. To achieve this, measures must be put in place to prevent unauthorized use of the company’s information resources and unauthorized access to sensitive data assets.

This service supports our risk management which aims at determining the company’s risk rating and vulnerabilities related to technology, employees, and facilities.[/vc_column_text][/vc_column_inner][vc_column_inner][vc_empty_space][/vc_column_inner][/vc_row_inner][vc_empty_space][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInRight”]

The procedure

Red teaming involves a series of built-in and parallel attacks:

  • OSINT Information gathering
  • Vulnerability assessment and Penetration Testing
  • Social Engineering

[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInLeft”]

Expected results?

The purpose of the attacks is to identify real threats that can be exploited during a possible malicious attack, thereby providing data leaks and compromising the entire system/network to compromise the attacker.

As a result of this operation, physical, hardware, software and human vulnerabilities will be identified, a better understanding of the risk level of the company will be promoted, and suggestions for the correction of recognized non-conformities will be developed.[/vc_column_text][/vc_column_inner][/vc_row_inner][vc_separator css_animation=”slideInRight”][/vc_column][/vc_row][vc_row parallax=”content-moving” css=”.vc_custom_1562856136481{margin-right: 10% !important;margin-left: 10% !important;}” el_id=”vuln”][vc_column][vc_column_text css_animation=”fadeInDown” css=”.vc_custom_1562851503063{padding-bottom: 50px !important;}”]

Vulnerability Assessment

[/vc_column_text][vc_btn title=”INQUIRY” color=”primary” align=”center” css_animation=”fadeIn” link=”url:%2Fcontact%23form|||”][vc_empty_space][vc_row_inner][vc_column_inner width=”1/4″][cq_vc_gradientbox avatartype=”icon” avataricon=”entypo” icon_entypo=”entypo-icon entypo-icon-network” boxtitle=”Website / Web application inspection” titlealign=”center”][/cq_vc_gradientbox][/vc_column_inner][vc_column_inner width=”1/4″][cq_vc_gradientbox avatartype=”icon” avataricon=”entypo” icon_entypo=”entypo-icon entypo-icon-flow-tree” boxtitle=”Network (LAN, WiFi)”][/cq_vc_gradientbox][/vc_column_inner][vc_column_inner width=”1/4″][cq_vc_gradientbox avatartype=”icon” avataricon=”material” icon_material=”vc-material vc-material-android” boxtitle=”Mobile application inspection” titlealign=”center”][/cq_vc_gradientbox][/vc_column_inner][vc_column_inner width=”1/4″][cq_vc_gradientbox avatartype=”icon” avataricon=”material” icon_material=”vc-material vc-material-desktop_mac” boxtitle=”Software inspection”][/cq_vc_gradientbox][/vc_column_inner][/vc_row_inner][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text css_animation=”fadeInLeft”]

What does it mean?

A horizontal test, during which we uncover, identify the target system’s weak points that are prone to an attack. An in-depth investigation is not part of the testing, only the validation of the found vulnerabilities.

Types of the Assessment:

    • Website / Web application inspection
    • Network (LAN, WiFi)
    • Mobile application
    • Software inspection

Expected results

You can get an extensive picture of the vulnerabilities being present in Your system. In addition, we provide help for fixing the issues.[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/2″][cq_vc_timeline roundradius=”medium” ismove=”true”][cq_vc_timeline_item]Reconnaisance[/cq_vc_timeline_item][cq_vc_timeline_item]Manual and automated testing[/cq_vc_timeline_item][cq_vc_timeline_item]Validation[/cq_vc_timeline_item][cq_vc_timeline_item]Risk Assessment[/cq_vc_timeline_item][cq_vc_timeline_item]Reporting[/cq_vc_timeline_item][/cq_vc_timeline][/vc_column_inner][vc_column_inner][vc_empty_space height=”100px”][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row]

Top