Skip to content

Services

1

Application Pentesting

Hands-on testing combining source code reviews along with black/grey box testing that pokes and prods at any weaknesses your systems reveal.

 

Red Teaming

Have our expert security analysts perform a full red team operation against your business based on threat actors actively operating in your industry vertical.

 

Red Teaming

Have our expert security analysts perform a full red team operation against your business based on threat actors actively operating in your industry vertical.

 

Network Pentesting

For new products or environments that need testing, our team provides a full review of IoT, OT, Application, or other produces that require the highest level of security assurance.

 

Maintaining the Highest Standards in Industry Certification

Industry Certifications

Offensive Security Certified Professional (OSCP)
Offensive Security Certified Expert (OSCE)
Offensive Security Wireless Professional (OWSP)
GIAC Penetration Testing Certification (GPEN)
GIAC Reverse Engineering Malware (GREM)

Frequently asked Questions

A penetration test is an engagement focused on discovering the vulnerabilities present on an application or network. It is limited in scope and targets. Whereas a red team engagement is using any and all legal methods available to gain access to a companies crown jewels.

We recommend a penetration test of your external network, internal network, and critical web applications at least once per year. However, if you have made significant changes to your network or critical applications it is a good idea to have a new penetration test conducted.

Yes. Our experienced assessors have assisted organizations with their compliance and regulatory needs when it comes to penetration testing.

The average penetration test is separated into phases. As an example, and external and internal penetration test will usually take two to three weeks. A red team engagement can last as little as 3 weeks but have lasted as long as 3 months depending on the size and complexity of the organization.

We believe a great penetration test should highlight what the real risks and vulnerabilities are to a company. The findings should contain evidence of findings, steps to reproduce the finding, and clear remediation steps. If you are seeing a sample report that contains hundreds of SSL/TLS vulnerabilities, for example, you are probably looking at what we call a “scan house” who runs a vulnerability scan and labels it as a penetration test.

A vulnerability scan is a great way of identifying the known, low hanging fruit, issues you may have. However, vulnerability scans are notorious for missing issues not stored in it’s database such as issues in custom software and applications. It will also not highlight the ways attackers gain elevated access or full control over internal networks. This is where we can help with our penetration testing services. We look for the ways a criminal organization might take to wreak havoc on your network. We also evaluate what tactics, techniques, and proceeders you can alert on versus the ones you can’t, helping elevate your alerting capabilities.