PENETRATION TESTING SERVICES
Whether it's an internal penetration test to assess your local network, wireless network security and physical safeguards or an external pen-test to assess your organization's attack surface from a malicious actor's point of view, penetration testing uncovers critical issues and provides you with a clear view of how well your network and sensitive data are protected.
Birch Cline penetration tests are performed manually and typically include the following phases:
This phase explores your organization's public and Internet presence identifying exposures of information on places like social media or archived websites which a hacker could use to gain access to your critical data.
These findings are often items that get overlooked by an organization not recognizing the presence of risk they represent, then utilized by a creative malicious mind to gain access to organizational data.
In this phase Birch Cline maps your network to identify critical systems and services as well as potential gaps in network protections.
We take special care to document and detail the enumeration process in order to provide you with valuable insight into how the data was arrived upon, where it was found and why it is valuable in the eyes of a malicious actor.
The exploitation phase includes thorough researching and documentation of the potential vulnerability exploit methods, capabilities and associated risk.
Then based on the goals of the organization the identified exploits are manually tested, verified and documented.
After manually testing and proving identified exploits, our teams leverage compromised systems to move laterally, gain and escalate privileges in an effort to fully understand, demonstrate and document potential exposure impact.
Utilizes pre-disclosed information provided by the customer. White box testing can be utilized to reduce the overall time of testing by removing the need to perform portions of the reconnaissance and enumeration phases. Additionally, by pre-disclosing information the customer is able to define specific areas of concern for testing and assessment.
Additional terms and options to understand when considering a penetration test:
From a testing perspective involves an assessment of employee awareness by attempting to gain access or information that includes or would facilitate the exposure of sensitive organizational data. Social engineering tests include but are not limited to phone, e-mail, social media and physical access assessments.
White Box Testing:
Black Box Testing:
No prior knowledge of the environment is made available prior to the testing process. Black box testing is performed by following steps that a malicious actor with no affiliation to the organization would take to research and gather publicly available information to plan and deploy an attack against an organization.
Red Team Assessment:
A full scope, multi-faceted adversarial simulation to obtain the most realistic understanding of an organizations risk and vulnerabilities including physical controls, network, applications and people.