Scanners find vulnerabilities. Pentesters find consequences!

We use a mix of tools, including AI for certain actions and activities. 

Our engineers run network scanning tools to map the network addresses and layout of the target environment, including all possible IP addresses, open ports (which requires a full port scan), domain names found by reverse DNS lookups, and domain names provided by the customer.

The most important work happens afterwards. Our experts work through every identified vulnerability and validate whether it is an open door that can actually be opened and entered.

The standard approach is presented below:

  • Scoping – Technical Specialists will seek detailed confirmation of the scope of the test. To ensure the technical team stays within the law, we request confirmation of the IP address range and authorization to test.
  • Reconnaissance – using various open source intelligence sources, we would look for information available on the client and the application – this includes any details of implementation, technologies deployed, and email addresses that could possibly be used by an attacker as part of social engineering.
  • Threat Modelling – building a method of attack that imitates the actions of an attacker. We typically use the STRIDE method developed by Microsoft for this exercise, with a specific limitation on DoS.
  • Vulnerability Assessment – we map the attack surface of the infrastructure and application, identifying possible vulnerabilities that may be used in executing an attack.
  • Exploitation – at infrastructure and application level, we explore the available services and logic paths in the application, attempting to exploit common vulnerabilities such as those catalogued by OWASP, programming errors, and logical flaws in the architecture (such as handling sensitive information in an insecure manner).
  • Post-exploitation – we obtain a level of access, and then use this to:
    • obtain sensitive information
    • pivot through to other servers and services reachable from the compromised server
    • obtain credentials that can be used in other exploit attacks
  • Reporting – we provide a detailed report as described further
  • Closing Meeting – we organize a workshop with an overview of findings and recommendations for the client.

Get a quote: info@bsd.md