To assess and evaluate the security of your systems, we simulate cyber-attacks and conduct an in-depth security assessment to identify both vulnerabilities, as well as strengths, to have a full risk assessment report.

Online penetration test

We simulate the possibilities of an external attacker trying to abuse or intrude the client’s network. The objective is to lay bare any vulnerabilities or security misconfigurations that could have a detrimental impact on the confidentiality, integrity, or availability of the client’s infrastructure.

Server analysis
  • Analysis of communications, used services, server ports, core server, Hosting, Sharing & Firewall
  • Exploitation of vulnerabilities
Web analysis
  • Analysis of framework, code, requests, vulnerabilities related to technologies and versions
  • Exploitation of vulnerabilities
Application Testing
  • Analysis of code, operation & internal connections to the application, different key resources that can be targeted
  • Exploitation of vulnerabilities

Local penetration test

We focus on the network and IT infrastructure, trying to expose configuration errors in the technical perimeter controls and potentially exploitable vulnerabilities. The goal is to list and protect all devices connected to the client’s network.

Analysis of local server
  • Check of the access points security: WIFI & others
  • Check of network communications
  • Check of workstation security
  • Check of internal communications tools
  • Analysis of firewall programs
  • Analysis of all hosts: camera, printers, IOT & others
  • Exploitation of vulnerabilities of local infrastructure

We perform different types of penetration tests

Black-box pentest or blind test

Our pen testers don’t receive any information. This type of pen test comes closest to a real hacker attack.

Grey-box test

Our pen testers have limited access and knowledge on the client’s system. This allows a more focused an efficient assessment of network security.

White-box test

Our pen-tester receive full access to information including source code and architecture documentation. This type of analysis allows static code analysis.

Social engineering

We set-up tailor made social engineering campaigns that exploit human error, to show that unsuspected users can be tricked into exposing data, spreading malware or even giving access to restricted systems.

Tailor made campaign
  • Identification of Internal staff
  • Setup of a scenario to enter the premises
  • Attempt to enter the premises
  • Attempt to intercept the badges & entree codes
  • Attempt to enter at night time by bypassing the security guardian & cleaning person
  • Attempt to access secured areas of the building
  • Confidential information gathering
  • Possibility of documents ex-filtration & importance assessment

Business Continuity Readiness

Based on our intrusion tests and an in-depth analysis of the current IT infrastructure, processes, and awareness level we define the current cybersecurity maturity level and hack-value of the client.

Security assessment
  • Define threats & actors
  • Define criticality of systems and data
  • Define Business Impact
  • Review organizational structure
  • Review processes and policies
  • Analysis of cybersecurity practices
  • Review other security aspects