A penetration test is a controlled simulation of a real hacker attack and one of the most reliable ways to check the effectiveness of a security system. The penetration test is adapted to the specifics of each customer and carried out as carefully as possible so as not to disrupt production business processes. We can carry out penetration tests using various methods and against a wide variety of infrastructures. Existing exploits are adapted for execution in the Customer's computer environment, and new ones may be developed by agreement. We can modify our tools to evade intrusion prevention systems and antivirus tools. Typical methods include:
Logical level attacks on the following targets
- vulnerable published infrastructure services and applications
- websites
- mobile applications
- controllers and other elements of industrial systems (SCADA)
- wireless networks and interfaces (Wi-Fi, Bluetooth, GSM/CDMA, WirelessHART, IR, Wireless RS232/485 etc.)
- vulnerable protocols within the network, including various attacks on layer 2 of the OSI model
- connection to unprotected USB and FireWire interfaces and penetration into the system (combined with the physical penetration test)
- telephony
Social engineering attacks
- phishing messages and communications in instant messaging applications and social networks, telephone calls, personal communication
- all possible file types carrying a payload to penetrate the customer's network
- portable media carrying a payload to penetrate the network (exploits, BadUSB etc.)
- cloned websites to capture passwords and other valuable information
Physical penetration
- bypassing locks, passwords and other elements that hinder penetration
- search for confidential information and unprotected interfaces along the secured perimeter
- penetration using social engineering methods
- search for electromagnetic, audio and visual information leakage channels

If you are interested in the penetration test, please also consider the "Vulnerability scan" and "Stress testing".