PENETRATION TESTING

When is a Penetration Testing necessary?

Covert Threats Penetration Testing services must be coupled with a Vulnerability Assessment. This service is cost-effective in discovering one of the most critical areas of risk in all environments, Technical Vulnerabilities, while also taking the vulnerability findings a step further by validating the discovered vulnerability and attempting the exploits. Penetration Testing is the most robust method to stimulate a real tactics used by malicious actors attempting to access your corporate environment.

What you receive

Executive Summary Report

Detailed Technical Report

Designed for managers, executives and board of directors.

Designed for technical teams apart of the remediation.

This report contains a high overview of the organizations overall security posture with vulnerabilities and successful exploitation’s ranging from critical to low.

This report contains a detailed description of all vulnerabilities and successful exploitation’s ranging from critical to low with remediation recommendations.

Executive Summary Report

Designed for managers, executives and board of directors.

This report contains a high overview of the organizations overall security posture with vulnerabilities and successful exploitation’s ranging from critical to low.

Detailed Technical Report

Designed for technical teams apart of the remediation.

This report contains a detailed description of all vulnerabilities and successful exploitation’s ranging from critical to low with remediation recommendations.

Why Choose Covert Threat

Excelling Security, Covert Threat provides more than raw scan data, our security experts assist your organization in analyzing the vulnerabilities, attempting exploitations and confirming the legitimacy of the vulnerabilities potential risk towards your organization’s environment. Our experts will recommend the best course of action to address the remediation plan using standard industry scoring matrix such as Common Vulnerability Scoring System (CVSS) while catering the potential risks towards your current organizational infrastructure.

NETWORK DEVICES

The identification of vulnerabilities and validation by exploitation for internal and external network hosts

CLOUD

Testing the cloud corporate infrastructure through vulnerability validation and exploitation (Azure, AWS, GCP)

WIRELESS

Assessing wireless networks broadcasting and encryption by attempting to gain access

WEB APPLICATIONS

Locking down exposed web applications security flaws through identification and exploitation of vulnerabilities

INTERNET of THINGS

Testing IoT security defenses, uncovering vulnerabilities and providing solutions on attack vectors

MOBILE

Testing of mobile applications in iOS (IPA) and Android (APK). Identifying vulnerabilities and validation through exploitation

SOCIAL ENGINEERING

Testing the human defenses of an organization. Email phishing, USB drops, phone & onsite impersonation to name a few

CONTINUOUS PT

Continuous penetration testing for frequent changes and newly developed code to ensure real-time vulnerability minimization

ACTIVE DIRECTORY

Reconnaissance of Active Directory users and group memberships with attempts of account takeovers

"your trust, our security"

vulnerability Scanning vs. Penetration Testing

Know the Difference!

Vulnerability Assessment

Penetration Testing

Frequency

Monthly. Plus an additional test after changes in the network.

At least once a year. Typically quarterly or semi-annually.

Reporting

Comprehensive list of vulnerabilities, which may include false positives.

A “call to action” document. It lists the vulnerabilities that were successfully exploited.

Performed By

In-house security staff or a third-party vendor like Covert Threat.

A provider of penetration testing services like Covert Threat.

Value

Uncovers a wide range of possible vulnerabilities.

Identifies and reduces weaknesses by validating and exploiting vulnerabilities.

Vulnerability Assessment

Frequency

Monthly. Plus an additional test after changes in the network.

Reporting

Comprehensive list of vulnerabilities, which may include false positives.

Performed By

In-house security staff or a third-party vendor like CyberArq.

Value

Uncovers a wide range of possible vulnerabilities.

Penetration Testing

Frequency

At least once a year. Typically quarterly or semi-annually.

Reporting

A “call to action” document. It lists the vulnerabilities that were successfully exploited.

Performed By

A provider of penetration testing services like CyberArq.

Value

Identifies and reduces weaknesses by validating and exploiting vulnerabilities.

Penetration Testing Approach & Methodology

1. Define Scope

Detailed outline with the customer to define what assets are in scope.

5. Exploitation

Exploit vulnerabilities discovered in the vulnerability analysis stage with custom and generic exploitation scripts.

2. Information Gathering

Map out the corporate infrastructure based on services, ports, hardware, software and operating system. 

6. Post Exploitation

Successful exploitation’s lead to privilege escalation and new vulnerabilities to test for exploitation.

3. Threat Modeling

Determine mission critical and connected assets to corporate data through white, gray or black box approach.

7. Reporting

Creation of  Executive and Detail technical reports for both management and remediation team.

4. Vulnerability Analysis

Utilize enterprise and custom scanning tools to uncover vulnerabilities.

8. Exit Call

Call scheduled with customers management and remediation team to explain in detail the findings and assist in remediation processes.

1. Define Scope

Detailed outline with the customer to define what assets are in scope.

2. Information Gathering

Map out the corporate infrastructure based on services, ports, hardware, software and operating system. 

3. Threat Modeling

Determine mission critical and connected assets to corporate data through white, gray or black box approach.

4. Vulnerability Analysis

Utilize enterprise and custom scanning tools to uncover vulnerabilities.

5. Exploitation

Exploit vulnerabilities discovered in the vulnerability analysis stage with custom and generic exploitation scripts.

6. Post Exploitation

Successful exploitation’s lead to privilege escalation and new vulnerabilities to test for exploitation.

7. Reporting

Creation of  Executive and Detail technical reports for both management and remediation team.

8. Exit Call

Call scheduled with customers management and remediation team to explain in detail the findings and assist in remediation processes.

Geo-Shield.png

Is your business secure?

REQUEST

CovertThreat is ready to assist with all your organizational security needs! 

Geo-Shield.png

Are you Prepared?

ASSESS

Our team of  industry experts are ready to assess your organizational end-points to discover all possible security flaws.

Geo-Shield.png

Lets Us Find your Weak-points!

SECURE

Once we assess your organization for security flaws, our team provides the a detailed solution to eliminate the potential threat vectors. We work with you!

Your Trust, Our SECURITY

talk to a cyber security expert today!