Penetration Testing
Tailored cybersecurity assessments
Ember Lake’s approach to penetration testing and vulnerability assessments are based upon guidance outlined within NIST SP 800-53 and industry-backed best practice. Years of fine-tuning results in an all-encompassing approach to identify vulnerabilities and misconfigurations affecting external and internal network devices.
Overview
Our approach to penetration testing begins with blind enumeration of the defined scope by performing manual testing using open source and proprietary scripts. This method provides deeper insight into underlying vulnerabilities, resulting in a greater understanding of the network’s security posture.
After the initial review, each device is manually assessed using a combination of terminal, web browser, and industry-recognised vulnerability scanning tools. These vulnerabilities are verified and leveraged in attempts to perform escalation from privileges to ultimately gain complete, unauthorised access over the scoped devices. This approach results in a more exhaustive assessment, affording us opportunity to provide recommendations that will be effective in improving the cybersecurity posture.
External Penetration Testing
- Perform reconnaissance and open-source intelligence from publicly available resources
- Enumerate all publicly facing devices, including firewalls, routers, and servers, to determine system function and external perimeter topology
- Attempt to bypass controls and gain access to systems using identified vulnerabilities
- Elevate privileges and establish administrative control over compromised systems by creating new accounts and establishing remote access
- Conduct automated penetration to test effectiveness of intrusion detection systems (IDS)
Internal Penetration Testing
- Enumerate vulnerabilities affecting hosts on the internal network, including printers, servers, workstations, applications, and network infrastructure
- Analyze and intercept network traffic, capturing unencrypted or poorly encrypted communications
- Elevate privileges to establish administrative control of systems
- Maintain persistence by creating accounts or establishing remote access
- Conduct automated penetration to test effectiveness of intrusion detection systems (IDS)
Want to know more?
Contact us today to speak with one of our cyber professionals to see how Ember Lake can help.