No two organisations are identical, so the first step we take when providing our services is to determine the profile of the organisation and its attack targets and to model the threats. Our approach to testing allows us to verify the effectiveness of the technical and organisational measures the company employs to prevent, detect, and react to cyberattacks, as well as to assess the organisation’s preparedness and ability to respond to a cyberattack.
Some of the tests are sociotechnical attacks, which verify the awareness of the company’s employees and their training in recognising and reacting to security threats. Information regarding the organisation and its employees is collected from publicly accessible sources before approved actions are taken.
How do we do it?
Each test consists of specifically designed scenarios tailored to the given organisation, each of which involves launching a simulated attack with the aim of acquiring a designated target. An example of such a scenario and target would be an attack conducted with the aim of taking control of industrial control infrastructure, or hijacking an e-mail server and transferring messages out of the company without the administrator finding out.
Our scope of operations encompasses:
- network infrastructure
- server infrastructure
- workstations, devices
- wireless networks
- physical protection
- social engineering
- systems and applications
We give you the opportunity to discover weak points in your security, equip you with knowledge of their root causes, and offer you guidelines on how to deal with them. You will be able to protect yourself from hackers by thinking like one. Our tests can also help you achieve compliance with legal requirements and best industry practice.
We conduct tests in accordance with industry standards such as OWASP. We adjust our approach depending on the specific client’s needs, using one of the three types of tests:
- no information from the client, we perform a full reconnaissance, searching for attack points, acting like a malicious attacker
- the client provides general information for the reconnaissance such as IP addresses, applications used, and domain names
- the client provides full information for the reconnaissance, which helps reduce the time and cost of the operation
Approach to the project
No two organisations are the same, so every new project begins with an introductory workshop where we define and confirm the purpose, scope, and schedule of the project and where we explain our strategies and attack vectors.
We aim to improve security and mitigate business risk in order to help your organisation make better decisions regarding safety in the future.
We make every effort in carrying out our projects, and we always dedicate our finest resources and best practitioners to achieving the project’s goals.
To every project we assign data security specialists with extensive technical experience.
Our recommendations are clear and presented in such a way as to best communicate problems and risks to our clients.
TAILORED TO YOUR NEEDS
We work with both small and large organisations, so we are always able to adjust the project’s scope to the particular business goals and technical maturity of any company.