What we test
The process will begin by mapping the attack surface, approaching the work like a real work threat actor, before hunting for vulnerabilities. Once vulnerabilities are discovered we walk through exploitation to demonstrate the real-world risk of issues. We’ll analyse the discovered vulnerability and provide guidance on remediation.
At the end of the day, we’ll review the findings and give guidance on how systems and applications could be hardened. We help candidates make exploitation action more difficult, and attack detection easier.
Mapping and Intelligence Gathering
Before the engagement begins, we’ll map the attack surface to discover alive hosts, services, and versions, as well as mapping application functionality.
We’ll demonstrate methods of finding and confirming vulnerabilities and highlight how to minimise false positives.
Proof of Concept and Confirmation
Where vulnerabilities are discovered, a proof of concept exploit will be created to demonstrate the potential business risk. This ensures that false positives are removed by manually confirming and demonstrating all discovered vulnerabilities.
We’ll show you how to discover weaknesses within exposed applications and leverage those weaknesses to demonstrate as much business risk as possible. In other words, you get to step into the shoes of a hacker for the day.