24X7 Support Portal

Assessments

Pentest

(Network Penetration Test)

A Pentest Assessment is a multi-day effort by a certified security professional that mimics an attack on your network under conditions of your choice.

Our report details our findings and recommends actions to secure your infrastructure.

Request a Quote

How it works

This is the subtitle

Picture1a

Phase 1: Recon

In this phase, we perform open-source intelligence gathering focused on identifying the client's public presence. This will help us identify targets for the assessment, potential threats, and leaked data.

Phase 2: Survey

In this phase, we use port and service scanning, OS fingerprinting, and leveraging the results of vulnerability scans to enumerate the attack surface area and openings. This will help us identify open ports, protocols, and services passing traffic in and out of the environment; we then fingerprint and catalog versioning information on all protocols and services available, as well as present vulnerabilities detected.

Phase 3: PenTest

In this phase, an attack plan is formed using data gathered in previous phases. The attack plan will consist of probing vulnerabilities, singular and chained sequence attacks, and custom attacks prepared by testers. The focus of the attack plan is to gain access to systems and data. Once initial access is gained, the goal shifts to escalating privileges to make the attack more pervasive and gain access to sensitive assets and information.

Phase 4: Crack

In the last active phase of the PenTest, password cracking and strength testing is included, using username and potential authentication details gathered during previous phases, with a goal of obtaining access to services and devices that are not available through a configuration error or vulnerability exploitation.

Phase 5: Report

Within a few days, we will submit a report that compiles the result of the penetration testing, including:

  1. Review of objectives
  2. Prioritized action list
  3. Comprehensive findings for all issues found
  4. Risk analysis and recommendations
  5. Documented attack chains and proofs-of-concept
  6. Compliance results, if applicable

A security expert will also be available for a one-hour conference call to discuss the findings.

Flexible Targets

A Pentest Assessment can focus on any assets you select, including:

  1. PCI SAQ C section 11.3.4 compliance testing
  2. Custom webapp security
  3. External and internal hosts
  4. Access via local accounts

The Latest Tools

Our security experts are proficient with dozens of cutting-edge security tools, including:

  1. Nmap
  2. Maltego
  3. FOCA
  4. Fierce
  5. DNSenum
  6. SEAT
  7. Dnsmap
  8. metagoofil
  9. snmp-check
  10. AlienVault
  11. Wireshark
  12. NetCat
  13. p0f
  14. Xping2
  15. Hping3
  16. Scapy
  17. Metasploit
  18. Inguma
  19. Medusa
  20. Hydra
  21. SSHater
  22. rcrack
  23. WyD
  24. Cain and Abel
  25. John the Ripper
  26. RainbowCrack
  27. SiteDigger
  28. SSLLabs
  29. Nikto2
  30. Skipfish
  31. Burp Suite
  32. ZAP
  33. Wfuzz
  34. Custom scripts for proprietary tests

Contact Net Friends Today
919-680-3763

Contact Us