Ethical hacking

Comprehensive security assessment of infrastructure, applications, networks and organizations from code analysis through vulnerability tests to social engineering.

During ethical hacking, our experts use the techniques of real attackers to test the target. This is the most efficient way for our clients to learn about the vulnerabilities in their systems.

Each project covers a threat model to reveal relevant risk. It's important that all the steps are taken within the set of rules pre-arranged with the client.

For us, the primary goal of these assessments is to make the systems of our clients more secure. Hence, we think it's important that achieving a higher level of security requires fixing the issues we find.

Since IT is changing fast, security assessment results aren't forever. New threats appear, development is continuous, thus we recommend to repeat such tests on a regular basis.

Our most frequent kinds of projects based on our history:

  • Penetration testing
  • Application testing (web, thick clients, smartphone)
  • Network testing
  • Wireless network testing
  • Device testing (vulnerability / configuration testing)
  • Source code analysis
  • Client side testing
  • Social engineering
  • Vulnerability assessments related to PCI DSS, PSD2, GDPR

We perform the above assessments based on a set of information supplied by the client to match the potential of the modeled attackers. This usually fits into one of the common approaches below:

  • Black-box testing: only a minimal amount of information (eg. IP address, company name, website, etc.) is made available to the testers
  • Gray-box testing: besides the bare minimum needed to access the system being tested, additional bits of information is made available to the testers
  • White-box testing: as much as possible information is made available to the testers

What do you get out of it, how does ethical hacking help you?

The resulting product of all our assessments is an expert's report that includes

  • a detailed description of all the steps performed,
  • the types of tests,
  • all identified instances of vulnerabilities, and
  • depending on the needs of the client, the appropriate remediations.

Our goal is that our clients realize the vulnerabilities and risks, which could mean a threat their business if exploited. Creating, maintaining and supervising information security systems and processes is a complex task.

In order for us to provide you a discreet “Silent Signal” regarding these, don't hesitate to contact us. Find out how we can help you with our services before it's too late!

Training

Custom IT security trainings tailored to the client – including sessions for systems administrators, developers or regular users.

The possible set of vulnerabilities in IT is not confined to the systems themselves. Employees using the system, along with systems administrators and developers extend the attack surface.

An IT security training focusing on the specific domain of the target group can be an effective way to get rid of the frequent bugs of the past. Participants will

  • be presented with issues that could arise from the bad practices of the past and
  • learn best practices during the course of such training sessions.

Our trainings

  • can be standalone sessions or built upon the results and conclusion of a penetration test,
  • can be targeted at IT staff or average users,
  • are always tailored to your needs and objectives.

Consulting

We help you make the best infrastructural solutions and configurations from a security perspective with a vendor-neutral approach.

Architecture implementation audit

Examining the architecture of and relationship between systems can reveal substantial security issues. A detailed revision of your network topology can help you validate your defense-in-depth implementation.

These are out of the scope of penetration tests, thus can remain hidden from the client. However, the results of such an assessment can hint at such issues.

Hardening

Servers and architectures performing critical tasks are prime targets for security hardening. Hardening consists of a set of context-specific configuration changes. This helps to improve the level of security in the system, thus lowering the chances of a successful compromise. Hardening can be an effective means of defense by following international recommendations and best practices.