On Reconnaissance phase we gather preliminary data or intelligence on the appointed targets. Data acquired on this phase is required for better attack planning. Usually this is part of the scope of work drafting and precisely defines the boundaries for our activities.
Our Approach - 6 steps of Penetration Testing
Vulnerability assessment phase aims to identify and risk-score all the weaknesses in the environment subject to tests.
On this phase our experts try to exploit previously identified and agreed upon vulnerabilities. It is done by combination of publicly available exploit code, state of the art penetration tools and internal manually crafted code.
The purpose of the Post-Exploitation phase is to determine the value of the compromised system and to maintain control for later use. This phase is vital for properly determine the business impact (unauthorized access to high value targets, access elevation, data manipulation, data exfiltration, further penetration into infrastructure, ability for attack persistence) due to successful attack.
Based on the actual results of the exploitation phase we prepare and deliver customer-specific indicators of compromise when mitigation is costly and time-consuming process.
On this phase we provide all the findings in transparent manner in format usable for both Senior management and technically prepared personal including visual demonstration of the damage that can be inflicted by malicious attacker.