Leverage tools and techniques to identify potential vulnerabilities in your infrastructure and applications
Penetration testing is a process which involves tools and techniques to identify and exploit potential vulnerabilities in your infrastructure or applications.
This manual assessment supported by highly customised tools and methodologies focuses on precise objectives, with testing efforts prioritised on your most pressing security concerns. The engagement simulates a realistic attack to identify what actions a malicious actor could perform, and what impact your organisation would be subject to if a security issue is exploited.
The outcome of the test is a detailed report, listing vulnerabilities and remediation recommendations, together with step by step instructions and screenshots on how to reproduce the findings. It also includes a high-level summary which caters for a non-technical audience.
Web Application and Services
Assess internal and external custom web
applications
and web services following the OWASP testing methodologies.
Desktop Applications
Analyse binaries, configurations and network
communications
of your desktop applications.
Mobile Applications
Review iOS and Android mobile applications and their
backend APIs.
The ATT&CK project from MITRE documents and details common tactics, techniques and procedures (TTPs) advanced persistent threat actors implement while performing attacks against your network.
The aim of the engagement is to imitate adversaries' operations from the initial access compromise, through how they maintain persistence in your environment and avoid detection, to how they move laterally, and finally extract data.
SilentGrid will work closely with your internal security team to manually walk through different attack techniques and identify areas that might not be covered by your detection and response instruments. We will then provide recommendations on how to fine-tune and improve your security tools.
Attackers commonly rely on password cracking when establishing persistence or moving laterally across your network.
Statistics generated from our previous engagements show that an average of 30% of users' password hashes** can be cracked in under 1 hour with publicly available tools and dictionaries, and inexpensive hardware resources. Impersonation of an employee's digital identity often leads to privilege escalation or access to sensitive data stored on the network.
Our password analysis service produces statistics on credential complexity and password reuse and generates a risk score based on account permissions and exposure.
** based on NetNTLMv2 hashes
The service highlights weaknesses in the configuration of cloud services, workstation and server operating systems, and network devices, and provides recommendations on how to increase their overall security posture.
SilentGrid's configuration review methodologies are aligned with industry standards and designed to help your organisation follow best practices.
Cloud Configuration Review
Ensure that your data in Azure or AWS is
adequately protected.
SOE Configuration Review
Assess the security of your Standard Operating
Environment setup.
Server Configuration Review
Harden the configuration of your servers by
correcting
common security weaknesses.
Network Device Configuration Review
Secure your network devices following
security best
practices.
SilentGrid can perform a tool-assisted manual review of your application's source code. This service will ensure that developers have implemented secure development techniques and that security controls are in place to prevent potential attacks.
Some of the languages we can review are:
C/C++
C#
Java
JavaScript
Perl
Python
PHP
Objective C / Swift