esureity.com Welcome to eSureITy - Penetration Tests

 


Penetration Tests

eSureITy assessors utilize a unique assessment process for all penetration testing assessments. Our two-step assessment process comprises a “Blind Hack” and a “Full Knowledge” assessment. This process allows our team to simulate the tactics and techniques of a real-world hacker while ensuring that “no stone is left unturned.”

Your eSureITy assessment team will perform two assessments, both internally and externally. The first round of testing is performed completely “blind,” with the assessor receiving only the name of the organization to be assessed. This ensures that the testing will be commensurate with the threats and tactics of a real-world hacker. It also lets you see what information a hacker could find out about your organization. Upon completion of the “Blind Hack,” your assessor will then be given all of the IP addresses and domains at your perimeter that need to be assessed, to ensure that a thorough test and assessment of your internal or external networks has been performed. With this process, our assessment team boasts a 99.27% penetration testing rate internationally.

Another key differentiator of our assessment process is that our assessors are restricted to utilizing only open source tools during the “Blind Hack” portion of your penetration test. This ensures that your assessment process is, again, commensurate with the tools and tactics that exist for a real-world hacker.

Our assessment processes are offered as one-time, monthly, quarterly, and annual services against both internal and external networks.

Penetration Testing Specialties:

eSureITy offers a suite of penetration testing specialties, including:

  • Red Teaming
  • Social Engineering
  • Impersonations
  • Physical and Technical Controls Bypass
  • Phishing
  • Telephony - War dialing

Red Teaming:

Our Red Teaming assessment process begins with clearly defined rules of engagement that dictate the parameters of the assessment. From there… it is an “anything goes” attempt to penetrate your physical, logical and technical controls for enterprise security. Our specialized team boasts over sixteen years of military and Special Forces training and experience across three branches of service. If you want to know if it can be done, how it can be done… we will be glad to show you.

Our standard Red Teaming services are focused on both the IT network and the physical and technical countermeasures designed to provide first and second layers of security defense. We employ both overt and covert penetration testing designed to mimic the tools and tactics of a would-be hacker, disgruntled employee, terrorist or industrial spy.

While each assessment is unique, our standard process includes but is not limited to the following:

  • Assessment planning
  • Physical reconnaissance
  • Penetration testing and physical premises and plant compromise
  • Capture the flag
  • Reporting and presentations

Social Engineering:

eSureITy offers three forms of social engineering with our uniquely suited and highly skilled professionals.

Email Social Engineering Attacks

Utilizing email information harvested from the Internet and/or provided by you, assessors will customize evasive and probing emails and send them to your employees to gather information about the email system and to gather usernames and passwords for later use on the internal network.

Telephony Social Engineering

Assessors will contact a sampling of employees who are most likely to be contacted by hackers and test their willingness to divulge sensitive information about the bank and its customers.

Physical reconnaissance utilizing Social Engineering

Assessors will perform social engineering of employees at remote branches and offices in an attempt to harvest sensitive information about the client and their customers. We will also attempt to gain access to computer and communication rooms posing as service technicians or other appropriate cover. These attacks are generally performed on an impromptu basis as a result of successful telephony or other Social Engineering tactics.

War Dialing:

In accordance with our standard policies, eSureITy will conduct an examination of the potential vulnerabilities associated with the customer-implemented telephony network, including:

  • Enumeration of telephony devices through the use of automated war dialing processes with multiple iterations as required to identify targets of interest
  • NPA-NXX records inclusive of POTS, PBX and DID assigned numbers
  • Manual probing to identify and exploit vulnerabilities that could lead to the compromise of systems or data.

Wireless Network Assessments and Penetration Testing:

In accordance with our standard policies, assessors will conduct an examination of the wireless network with the intent to penetrate. eSureITy will assess the following wireless security parameters:

  • Enumeration and identification of anticipated wireless networks
  • Enumeration and identification of unanticipated wireless networks
  • Penetration testing of discovered networks in operation by the client.

eSureITy has penetration testing proficiency against Open, WEP, WPA, and WPA-PSK secured networks, utilizing over 1 Terabyte of dictionary files and rainbow tables for cryptanalysis attacks against both traditional wired and wireless networks.

The greatest consideration for our clients generally relates to finding and choosing the right team… with the right skills and experience to perform their security assessments. The eSureITy team has the experience, tools, and the successes to give you confidence and assurance that your assessment has been performed at the highest level of proficiency!

 
