Collaborative Testing

Leverage tools and techniques to identify potential vulnerabilities in your infrastructure and applications

Penetration Testing

Manually assess your infrastructure and software to identify vulnerabilities that could be leveraged to compromise the confidentiality, integrity and availability of your digital property.

Penetration testing is a process which involves tools and techniques to identify and exploit potential vulnerabilities in your infrastructure or applications.

This manual assessment supported by highly customised tools and methodologies focuses on precise objectives, with testing efforts prioritised on your most pressing security concerns. The engagement simulates a realistic attack to identify what actions a malicious actor could perform, and what impact your organisation would be subject to if a security issue is exploited.

The outcome of the test is a detailed report, listing vulnerabilities and remediation recommendations, together with step-by-step instructions and screenshots on how to reproduce the findings. It also includes a high-level summary which caters for a non-technical audience.

Web Application and Services
Assess internal and external custom web applications and web services following the OWASP testing methodologies.

Desktop Applications
Analyse binaries, configurations and network communications of your desktop applications.

Mobile Applications
Review iOS and Android mobile applications and their backend APIs.

Adversary Emulation

Apply the MITRE ATT&CK knowledge base to emulate attacker behaviours using manual techniques and automated tools, and assess your defensive mechanisms and monitoring capabilities.

The ATT&CK project from MITRE documents and details common tactics, techniques and procedures (TTPs) that advanced persistent threat actors implement while performing attacks against your network.

The aim of the engagement is to imitate adversaries' operations from the initial access compromise, through how they maintain persistence in your environment and avoid detection, to how they move laterally, and finally extract data.

SilentGrid will work closely with your internal security team to manually walk through different attack techniques and identify areas that might not be covered by your detection and response instruments. We will then provide recommendations on how to fine-tune and improve your security tools.

Password Analysis

Assess your current employees' security awareness by running a password analysis against your Active Directory environment.

Attackers commonly rely on password cracking when establishing persistence or moving laterally across your network.

Statistics generated from our previous engagements show that an average of 30% of users' password hashes** can be cracked in under 1 hour with publicly available tools and dictionaries, and inexpensive hardware resources. Impersonation of an employee's digital identity often leads to privilege escalation or access to sensitive data stored on the network.

Our password analysis service produces statistics on credential complexity and password reuse and generates a risk score based on account permissions and exposure.

** based on NetNTLMv2 hashes

Configuration Review

Whitebox assessment of systems and network devices to identify vulnerabilities within their configuration.

The service highlights weaknesses in the configuration of cloud services, workstation and server operating systems, and network devices, and provides recommendations on how to increase their overall security posture.

SilentGrid's configuration review methodologies are aligned with industry standards and designed to help your organisation follow best practices.

Cloud Configuration Review
Ensure that your data in Azure or AWS is adequately protected.

SOE Configuration Review
Assess the security of your Standard Operating Environment setup.

Server Configuration Review
Harden the configuration of your servers by correcting common security weaknesses.

Network Device Configuration Review
Secure your network devices following security best practices.

Source Code Review

Audit your application's source code to identify security vulnerabilities that might not be easily identifiable during a regular penetration test.

SilentGrid can perform a tool-assisted manual review of your application's source code. This service will ensure that developers have implemented secure development techniques and that security controls are in place to prevent potential attacks.

Some of the languages we can review are:

C/C++
C#
Java
JavaScript
Perl
Python
PHP
Objective-C / Swift