About Penetration Test
Overview
Our penetration testing engagements identify threats to your organization, key assets that may be at risk, and the threat agents that may attempt to compromise them. Each engagement is customized to your requirements and may span from breaching a single host to gaining deep network access. We begin by identifying assignment objectives, as well as the attack vectors and scenarios that we’ll use. Throughout the engagement, we provide ongoing status reports, immediate identification of critical risks, recommendations to enhance security, and knowledge transfer for your technical team. At the end of the process, we ensure you have a complete understanding of the exploitable vulnerabilities in your environment and recommended remediation strategies. Our penetration methodology follows these standard phases:
Information Gathering
- Information found on the Internet that relates to your company, your employees, and your systems
- Network mapping and host discovery
- Service identification, vulnerability scanning, and web application discovery
- Identification of critical systems and network protections
Vulnerability Exploitation
- Active exploitation of vulnerable systems and applications
- Password guessing against available services and applications
Vulnerability Identification
- Research exploits and attacks based on enumerated information
- Manual testing tailored to the deployment and business purpose of the target
Post Exploitation
- Escalation of privileges and compromised credentials
- Use of compromised systems to gain access further into the network
- Attempts to access business-critical systems or information to demonstrate impact
Daily Briefings
During the test, we communicate with you daily to let you know what we did, what we found out, and what we have planned for tomorrow. Giving you an opportunity to ask questions or make changes at any point in the test.
Executive and Technical Reports
At the conclusion of the test, Hellfire provides you with two reports: one for executive management so that they can understand the risks involved and one for the IT department, demonstrating the attacks and what we were able to accomplish with them, so that they can recreate what we found both before and after remediation. Allowing them to ensure that the risk is really gone.
Types of Tests
Perimeter Test
Hellfire Security identifies the vulnerabilities found on your perimeter network.
Network Test
Hellfire Security identifies the vulnerabilities found on your internal network.
Web, Mobile, and Enterprise Application Penetration Testing
Hellfire Security identifies the vulnerabilities found in a specific applications
Red Team
Full scope, anything goes penetration test that targets the whole organization.
Web3
Hellfire Security identifies the vulnerabilities found in the wallet, rpc, and web components of your web3 application.