Pentesting

Advanced Pentesting Services

Analyze cyber threats that materialize cyber risks

The penetration test or "pentest" consists of an offensive security test where a real cyber attack is simulated in a controlled environment. The objective is to find weaknesses that an attacker could exploit to complete threats such as information theft, improper access, causing service failures or the installation of malware, etc.

Pentesting is the discipline that encompasses this type of exercise. The Cybersecurity team is in charge of executing the pentest under the conditions agreed with the client, agreed scope, objectives, modality and necessary depth.

Pentest Modality

Black box

En los ejercicios de caja negra se parte del desconocimiento de la infraestructura del cliente, el equipo de pentesting no tiene información previa acerca de activos o usuarios.

White box

In this modality, detailed information on the technologies and target applications is available, including the source code of the application, network maps, architecture, etcetera.

Grey box

In a gray box penetration test, the team in charge of the execution has partial information about the target, such as legitimate user accounts to be used in the process, information about technologies used or IPs to be analyzed.

Penetration test perspective

  • Internal

    Internal penetration tests are developed from the perspective of an attacker with wired or wireless access to the internal network, these test include remote Access like VPN or remote desktop.

  • Perimeter

    The company's perimeter comprises all assets that are accessible through the Internet, including public IPs, websites, domains and any exposed services.

Penetration testing methodology

  • Reconnaissance

    Initial phase in which as much information as possible is obtained about the target using different techniques.

  • Post Exploitation

    In this step, objectives are defined that have to do with systems compromise, persistence, lateral movement and information exfiltration.

  • Identification

    Identification focuses on analyzing the information collected and looking for weaknesses.

  • Pentest reports

    The reports allow us to see how the penetration test occurred, the weaknesses that were exploited by the team that simulated the cyber attack, security recommendations for IT and development teams to remediate the reported vulnerabilities, and methods for security managers to prioritize the findings.

  • Exploitation

    In exploitation work, access is obtained to systems that can later be used for post-exploitation work.

In-depth Pentest

  • Automated

    Internal intrusion test with the support of technology that allows to obtain a vision of the most relevant vulnerabilities together with a threat map that will serve as support for external intrusion exercises and to identify the attack vectors with the path of compromise of the systems.

  • In Depth

    In Depth pentesting, an intrusion is performed manually by expert pentesters who are familiar with the techniques and procedures commonly used by cyber attackers.

  • Comprehensive

    Hybrid pentesting service that combines the properties of the previous ones in a periodic and continuous duration. Targets are defined and evaluated by the cybersecurity team and the client.