Penetration Testing
Authorized cyberattack simulation by certified cybersecurity professionals across external, internal, and assumed-breach scenarios.
What is a penetration test?
A penetration test is an authorized and simulated cyberattack conducted by certified cybersecurity professionals, with the goal of evaluating security controls.
We follow a deliberate methodology: public and private reconnaissance, scope aggregation, passive and active probing, identifying the path of least resistance, and conducting the attack. The engagement reflects how a real adversary would approach your environment.
Testing Types
Choose the level of insider knowledge that fits your assessment goals.
Closed (Black-box)
DomainGuard tests from an outsider's perspective. Public reconnaissance is used to aid testing, but no inside knowledge is provided.
Targeted (Gray-box)
DomainGuard works with you to establish targets and in-scope systems. Some inside knowledge is provided. Unauthenticated web-application scans are included as part of the test.
Open (White-box)
DomainGuard conducts testing with full insider knowledge, including network diagrams, credentialed access to web applications, and more.
Testing Environments
External
External Penetration Testing targets externally facing assets such as websites, email servers, and external network interfaces.
The goal is to identify vulnerabilities that could be exploited by an attacker from outside the organization, without access to internal networks.
Internal
Internal Penetration Testing focuses on the internal network, simulating an attack by someone with inside access: an employee, a contractor, or someone who has already gained a foothold.
The goal is to identify how much damage an attacker could do after gaining initial access.
External Methodology
Our seven-step process for external penetration testing.
- Reconnaissance: Identify potential attack vectors and vulnerabilities. Surface and dark-web recon.
- Identify Vulnerabilities: Confirm scope, enumerate, and run port and service discovery.
- Manual Exploitation: Exploitation testing with regular status updates throughout the engagement.
- Penetrate and Persist: Establish system access on identified vulnerable systems.
- Escalate Access: Elevate privileges within the systems we've reached.
- Lateral Movement: Access additional systems and data through the foothold.
- Evidence Collection, Cleanup, and Reporting: Draft the final report and conduct a debrief call.
Internal Testing: Assumed-Breach Scenarios
Three common scenarios that simulate an attacker who already has a foothold.
Physical Access Breach
An unauthorized individual gains physical access to the premises and connects a device to the network. Tests network segmentation and physical security measures.
Compromised Workstation
An employee's workstation is infected with malware, providing the attacker with access to the internal network. Could an account escalate privileges and access more than it should?
Compromised Customer
A customer-provisioned environment is infected with malware, providing the attacker with access to the customer environment. Is it possible to break out of the customer silo?