Penetration Testing

Authorized cyberattack simulation by certified cybersecurity professionals across external, internal, and assumed-breach scenarios.

Penetration Testing

Authorized Attack

Authorized cyberattack simulation by certified pros to evaluate your security controls.

External & Internal Testing
Gray-box (preferred), Black & White-box
Web, Network & API Coverage
Assumed Breach Scenarios
Detailed Methodology Report

PENETRATION TESTING

What is a penetration test?

A penetration test is an authorized and simulated cyberattack conducted by certified cybersecurity professionals, with the goal of evaluating security controls.

We follow a deliberate methodology: public and private reconnaissance, scope aggregation, passive and active probing, identifying the path of least resistance, and conducting the attack. The engagement reflects how a real adversary would approach your environment.

Testing Types

Choose the level of insider knowledge that fits your assessment goals.

Closed (Black-box)

DomainGuard tests from an outsider's perspective. Public reconnaissance is utilized to aid in testing, but no inside knowledge is provided.

Targeted (Gray-box)

DomainGuard works with you to establish targets and in-scope systems. Some inside knowledge is provided. Un-authenticated web-application scans are included as part of the test.

Open (White-box)

DomainGuard conducts testing with full insider knowledge, including network diagrams, credentialed access to web applications, and more.

Testing Environments

External

External Penetration Testing targets externally facing assets such as websites, email servers, and external network interfaces.

The goal is to identify vulnerabilities that could be exploited by an attacker from outside the organization, without access to internal networks.

Internal

Internal Penetration Testing focuses on the internal network, simulating an attack by someone with inside access, an employee, contractor, or someone who has already gained a foothold.

The goal is to identify how much damage an attacker could do after gaining initial access.

External Methodology

Our seven-step process for external penetration testing.

Reconnaissance: Identify potential attack vectors and vulnerabilities. Surface and dark-web recon.
Identify Vulnerabilities: Confirm scope, enumerate, and run port and service discovery.
Manual Exploitation: Exploitation testing with regular status updates throughout the engagement.
Penetrate and Persist: Establish system access on identified vulnerable systems.
Escalate Access: Elevate privileges within the systems we've reached.
Lateral Movement: Access additional systems and data through the foothold.
Evidence Collection, Cleanup, and Reporting: Draft the final report and conduct a debrief call.

Internal Testing: Assumed-Breach Scenarios

Three common scenarios that simulate an attacker who already has a foothold.

Physical Access Breach

An unauthorized individual gains physical access to the premises and connects a device to the network. Tests network segmentation and physical security measures.

Compromised Workstation

An employee's workstation is infected with malware, providing the attacker with access to the internal network. Could an account escalate privileges and access more than they should?

Compromised Customer

A customer-provisioned environment is infected with malware, providing the attacker with access to the customer environment. Is it possible to break out of the customer silo?