Overview
Securing external and internal networks
Identify vulnerabilities for Internet facing infrastructure, operating systems, and services. The assessment utilises tools, techniques, and procedures (TTP) commonly utilised by key threat actors to compromise cloud networks and systems.
Assessing from the adversary’s standpoint
The external network or internal network penetration test is performed from the standpoint of an external threat actor, or adversary that has breached the perimeter, with limited knowledge of the target environment and without valid credentials to available services. Using a combination of automated and manual testing methods, a consultant will look to exploit identified vulnerabilities to bypass controls, and gain access to the system or gain access to your sensitive information.
Industry standards and proprietary methods
CyberCX employs a combination of the same techniques as adversaries, as well as its own proprietary tools and methods to perform the penetration test. These techniques include:
System Misconfiguration and Software Exploitation – Gain initial access through password attacks, default configurations, and other implementation weaknesses
Password Cracking – Crack obtained password hashes to gain access to user accounts or systems
Persistent Control – Take control over the environment through multiple account compromises or hijacked execution flows
Defence Bypass – Evade known defensive mechanisms through custom tools developed by CyberCX, combined with bypassing known endpoint and network level protection capabilities
Privilege Escalation – Escalate privileges through process injection attacks or misconfigured application and operating system deployments
Command and Control – Ensure command and control remotely to the environment through encrypted egress channels and protocol tunnelling
Comprehensive Assessment
Manual Validation – Reduced false-positive findings through validation of all findings
Attack Surface Discovery – Identify your internet facing, cloud services, and internal attack surface
Authentication – Assess multi-factor authentication implementations and determine your alignment to best practice with your authenticated external services e.g. VPN, HTTPS
Email Protection – Assess implemented security frameworks that protect and alert against email spoofing attacks
Detailed Analysis – Encryption standards, domain and DNS configuration analysis, TLS and SSL certificate reviews, network segmentation, and more.
Reach out to leads@cybercx.com.au to learn more about this product.
Sold by | CyberCX |
Categories | |
Fulfillment method | Professional Services |
Pricing Information
This service is priced based on the scope of your request. Please contact seller for pricing details.
Support
The CyberCX Support Service provides 24/7 assistance from our team of skilled support consultants. Contact us on:
NZ Phone: +64 800 436 273
AU Phone: +61 1300 031 274
Email: leads@cybercx.com.au
https://cybercx.com.au/solutions/security-testing-and-assurance/