Network Penetration Testing
What could a skilled and motivated attacker accomplish if given network-level access to your external and/or internal network and no additional information? What practical controls can you implement to reduce the risk of such real-world compromises? These are the questions that we can answer for you when performing a network penetration test, and the answers can often be quite surprising.
A network penetration test should not be confused with a simple network vulnerability scan. Although scanning is part of the testing process, it’s the manual testing and exploitation that is the hallmark of a good penetration test. Our skilled testers often chain exploits together to achieve specific goals, such as obtaining Domain Administrator access, accessing credit card information, or targeting other “crown jewels”. Most importantly, we document how we achieved such compromises and provide targeted, practical advice on how to tighten up the security of your network
NETWORK PENETRATION TESTING SERVICES
HOW Skillathon Technologies IS DIFFERENT FROM OTHERS
You’re guaranteed to receive a high-quality, thorough test due to our proprietary testing methodology, which involves the use of leading commercial and open source testing tools and a large amount of manual testing and analysis.
- Our reporting differentiates us from the competition – you’ll receive an actionable, custom-written report containing expert advice tailored to your business, not just automated scan results.
- We’re with you every step of the way throughout the remediation phase beginning with a thorough debriefing of all findings.
- Our security professionals have real-world offensive and defensive information security experience in a wide variety of environments and keep up-to-date on the latest attack techniques.
OUR APPROACH
Preparation – Skillathon Technologies team arranges a conference call to review your network diagrams, determine which IP ranges are in-scope for the penetration test, provide an overview of our testing process, and discuss any special testing requirements.
Discovery – Defined IP addresses, address ranges or Internet domains are scanned using automated tools at the Internet-layer (IP and ICMP,) and within the IP-layer on all TCP and privileged UDP ports. Responses from any given IP address, service or port are recorded. During this phase, we often discover devices and services on your network that were previously unknown to you.
Enumeration – Responses captured during the discovery phase are compared to databases of known response types (fingerprinting). Known ports and services are mapped, providing an initial target profile for subsequent test steps.
Vulnerability Identification – All targets on your network are probed for vulnerabilities using a variety of vulnerability scanning tools as well as targeted manual testing. If critical vulnerabilities are identified during the course of testing, we notify you immediately so that remediation can begin right away.
Exploitation – Significant issues identified during the testing process are exploited in order to both demonstrate the vulnerabilities and better determine the level of risk posed by the issues. A wide variety of tools and techniques are used in this phase, depending on the nature of each vulnerability being exploited. Our testers attempt to chain exploits together to gain a higher level of access to the network.
Report Preparation – Skillathon Technologies takes the results of both the automated and manual penetration testing and compiles a consolidated report, detailing all vulnerabilities uncovered during the testing process along with severity levels and recommendations for how to remediate each vulnerability that was identified.
Debriefing – Skillathon Technologies presents all findings to executives and key stakeholders, answers all questions, and provides remediation advice.
WHAT DO YOU GET?
An actionable, custom-written Architecture / Design Review Report, which describes the application’s security posture and lists all vulnerabilities identified. We also provide a threat model matrix that describes the controls that are in place or missing in relation to each vulnerability, along with custom remediation advice.
Expert consultation throughout the remediation phase
Our Skills
Request a Free Quote
Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque