Penetration testing, in its simplest terms, is testing a company network's susceptibility to being ‘penetrated’ or accessed by someone without authorization to do so. It has become a little like flying a plane: every teenager who has played a flight simulator thinks they can do it, but you probably wouldn’t trust your life to them! Excellent ‘hacking’ tools such as Metasploit have enabled many to press and squeeze a network, but would you trust your security and your company’s Intellectual Property to a ‘button pusher’?
The reality is that company security testing is significantly more complex than that. Gone are the days when a serious attacker would simply scan your network for vulnerabilities and then execute an attack. Most attacks are a combination of Open Source Information gathering (see my course!), physical surveillance, and a physical or electronic Social Engineering attack, culminating in access to electronic data.
Most professional attacks now tend to follow this approach:
- Open Source information gathering to identify people who know each other, email addresses, etc.
- Construct a Social Engineering attack, perhaps in the form of a Phishing email spoofed from one employee to another, containing a malware-laden PDF
- Once the receiving employee has opened the email, we have access to the user’s computer
- Now inside the network we expand our reach, enhance privileges and carry out dastardly deeds.
How we can help
CSITech has its own internal expertise but realizes that your security matters more than any ego-driven wish to do everything ourselves. Hence we partner with world leaders in their areas of expertise on several continents to bring you the best testing and advice available.
We will attack your company, not purely to reach a Standard or to ‘tick boxes’ for the Board but using the same methods as Eastern European crime groups, certain Nation States and other parties able to cause you serious harm and revenue loss. We are not cheap, but we are the best!