SPECIAL OFFERINGS


NETWORK ACCESS CONTROL TESTS

  • Verification of correct configuration of devices constituting the implemented system (both for LAN and WLAN access).

  • Configuration of core devices responsible for the operation of the system.

  • Configuration of sample LAN and WLAN network switches.

  • Configuration of the 802.1X supplicant on stations running Windows, Linux and macOS that use authentication based on X.509 certificates.

  • Configuration of other devices, such as printers, IP phones, video terminals, using other authentication methods.

  • Verification of whether the complete scope of events related to network access and to the ability to detect abuse is logged.

  • The core part of testing consists of active verification of the possibility to breach security and gain unauthorised access to the network. The method used in testing includes the verification of threats presented in the OWASP Top 10 Mobile Risks. Test findings are used to create a report, delivered in an electronic form, including the description and proof of identified vulnerabilities and guidelines aimed at their elimination.

A zero-day vulnerability is one that remains unknown even to the party or parties responsible for patching it. Once a zero-day vulnerability is made public, it is referred to as an n-day or one-day vulnerability.

Zero-day vulnerabilities pose a particular threat as there are virtually no means of defending against them - the updates that would fix them are yet to be developed. One-day vulnerabilities are especially dangerous at the beginning of their life cycle, as many users of the compromised product will not have updated to a patched version yet.

Cyber-security R&D plays the central role in being able to conduct quality penetration tests and lies at the core of our identity as a company. The tools developed based on in-house research enable us to run penetration tests, including APT Red Team tests, more efficiently. True to the slogan "hack the unhackable", our extensive R&D efforts enable us to succeed where others fail.

Key areas of interest:

  • creating RAT-type software for MS Windows/Android systems

  • design and implementation of secure and hidden communication channels between malware and the management centre

  • creating droppers for Windows systems, including bypassing indicated EDR/AV mechanisms

  • creating fuzzers which enable, among others, detecting zero-day vulnerabilities

  • creating PoC for one-day class vulnerabilities for specified CVE

  • comparing updates to filter out one-day vulnerabilities

  • reverse engineering in Linux and Windows systems

  • searching for vulnerabilities in selected frameworks, web applications, thick client applications, servers

  • attacks on mechanisms that enable remoting methods such as: Java RMI, Java JMX, .NET Remoting

  • Gain access to unknown vulnerabilities discovered by our Engineers


Under this service we perform a simulation of a multi-level targeted attack on an organisation based on previously agreed attack vectors.

The operation may include such elements as:

  • creation of dedicated exploits / tools / malware, attempts at a controlled infection

  • running a dedicated phishing campaign

  • simulated exfiltration of client's key data

  • controlled infection of selected machines and verification of whether we are able to infect client's machines with the existing protections in place

  • simulated communication between malware and the management centre inside the client's network using the HTTP and DNS protocols, checking the ability of network security to identify malware traffic

  • attacks on the client's infrastructure, including its components connected to the Internet, IT systems, wireless networks, internal networks, security systems, etc.

  • social-engineering attacks

  • attempts to breach physical protections, including trying to enter the facilities or protected areas.

Post-incident analysis recreates the actions taken by the attacker, including manual and automatic analysis of malicious software, identification of tools and methods, detecting rootkits, backdoors, keyloggers and Trojan horses used to perform the attack, as well as securing the evidence so that it is undisputed in possible future proceedings.

The following activities are performed within the scope of the analysis:

  • securing copies of virtual machines

  • analysis of changes to configuration files and logs

  • analysis of changes to permissions

  • analysis of other data aimed at finding out who broke into the system, when and how

  • analysis of the scope of a potential data leak

  • preparing a report with recommendations.

Below you may find brief Wikipedia definitions of types of malware. If you would like to learn more on the topic to raise your awareness of the threat and be better prepared to defend, our engineers may introduce you to the secrets of creating malware and exploits during one of our trainings.

Rootkit

A tool that enables breaching the security of IT systems. It masks dangerous files and processes, which allows control over the system to be maintained.

Keylogger

A type of software or device that registers the keys pressed by the user.

Backdoor

A loophole in system protections placed with the intention of exploiting it in the future. A backdoor may be left in the system by, for instance, a hacker who broke in by exploiting another software loophole.

Trojan horse

Malicious software disguised as an application that seems useful or attractive to the user. Additionally, it implements various unwanted functions that are hidden from the user (spying software, logic bombs, loopholes that enable unauthorised persons to take control of the system).


TESTS OF THE ACTIVE DIRECTORY ENVIRONMENT

Clients frequently scan their infrastructure for vulnerabilities, and the results show no critical threats. They are, therefore, convinced the infrastructure is secure. Specialist targeted Active Directory tests show, however, that a skilled attacker is well able to obtain domain administrator permissions simply by using domain configuration flaws, which remain unnoticed by classic vulnerability scanners.

  • active and passive analysis

  • attempting to obtain credentials within the network

  • attempts to escalate privileges within the Windows domain

  • attacks on SMB, as well as NTLMv1 and NTLMv2 authentication

  • searching for users with broad privileges and undertaking attacks on their workstations

  • attempts to obtain password hashes from LDAP.
