OFFENSIVE SECURITY SERVICES
Vulnerability Scanning
A mostly automated assessment of vulnerabilities and misconfiguration on the network – a good place to start
Web Application Assessment
These assessments test the security of web applications. We simulate attackers with no, limited and full access to the application. We identify and report on vulnerability and logic flaws in the application, APIs and supporting infrastructure.
Penetration testing
manual assessment of the infrastructure. We attempt to identify as many vulnerabilities as possible such as: Where can we get unauthorised access? Can we escalate our privilege to an administrator? Are there any weak or default logins? Can we crack passwords?
Mobile Application assessments
A mobile assessment is concerned with vulnerabilities and logic flaws in a smart phone application. Could attackers gain more access to the application than was intended. What about APIs and supporting infrastructure?
Red Teaming Assessments
A more sophisticated round of security testing designed for companies that have already spent a lot of time and energy hardening their security. These tests mimic sophisticated attackers focused specifically on your organisation. These tests usually provide no scope or limitations and sometimes include simulating the TTP of known threat actors.
Cloud Penetration Testing
The cloud is just someone else’s computer”. The risk and responsibility remains yours. These tests are intended to identify and report on any vulnerabilities on your cloud infrastructure and provides a sanity check for intended configurations.
OT Risk (Cyber) ASSESSMENTS
Attackers are focusing on Operational Technology (OT) and Internet of Things (IOT) devices as an easy point of entry with dire consequences if un-authorized access is gained. We attempt to break into this infrastructure using the most current attacks and techniques as is being seen from real threat actors today.
Social engineering
Are your staff members vulnerable to manipulation by attackers? Are you getting a good return on your security training expenditure? Should you invest in training? Our advanced social engineer testing goes well beyond templated phishing attacks including phoning staff members and pretending to be an employee. Instant messaging, phone calls and emails are all fair game and we’ll use open source intelligence supported research to craft customized attacks.