Hacking / Intrusion Test

Our team will test your security infrastructure to find possible failures through which you could be attacked from outside and inside. Once they are detected, we will give you the most accurate recommendations for the vulnerabilities that affect you. In this way we will provide better and greater protection to your company's infrastructure, whether the possible attacker comes from outside or from within.

These blind tests are usually carried out without prior information about the structure, in order to simulate the real scenario of a possible attacker who wants to attack or infiltrate the company's systems from outside.

On the other hand, if the interest is in simulating an internal attack on the company's systems and networks, the Intrusion Test is carried out from within the company itself, with the same information that internal collaborators have. In this way we will know how far they could go if they had malicious intentions.

This process is the best way to demonstrate to your board of directors the real importance of investing in security. They will really see the damage that an attacker with bad intentions can do, not only economically but in terms of prestige, brand or reputation. With the Intrusion Test we will show you that it is possible to obtain privileges, access confidential information, or even move money in order to have the desired impact.

The test is determined by scope; that is, a specific time of action is determined by us. In the time we are granted, we will do everything in our power to infiltrate your systems and demonstrate the consequences of not taking preventive measures or of neglecting existing ones.

The three stages of the service:

Stage 1: Evaluation.

In this phase, two scenarios are contemplated. In the first, the company provides us with basic and essential data to start the test. This approach is intended to shorten the time of action and keep the test agile, given that, realistically, an attacker has all the time in the world. These data could be obtained by a series of routes in a few days, but those are days that slow down the analysis. The information can be obtained by any means, from open or private sources. The other scenario is completely blind data collection: the company that requires the service wants to know how easy it is to obtain data and to intrude into its systems, so that it can subsequently take the appropriate measures to correct protocols, applications, typologies ... Many of these are contemplated in regulations such as ISO 27001 or 27002.

Stage 2: Hacking.

Work begins on the scope: the systems in it are analyzed in search of vulnerabilities, whether in the infrastructure, operating systems, available services or existing applications. All of this uses the data from the stage 1 information gathering. As the tests on the systems and the vulnerability searches begin, evidence of our intrusion will be obtained for the subsequent documentation and demonstration of the intrusion work.

Stage 3: Documentation.

In this phase all the information regarding the findings of stage 2 will be verified and presented in accessible, executive language, since the report will be reviewed not only by personnel with a technical profile but also by managers and those in charge of other areas. Everything that has been detected in the systems will be recorded, including intermediate reports on the intrusions with the greatest impact and evidence of how each intrusion could have been perpetrated. Finally, a presentation will be prepared indicating the points considered to require special attention or that cause the most serious or immediate problems.

In conclusion

Intrusion Test with information: Private information provided by the company about its computer systems is used. The aim is to simulate attacks made from inside the company and with a certain degree of privileged information.

Intrusion Test without information: The public information about the scope is used, together with social engineering, to try to break the computer security perimeter and see how far it is possible to get through vulnerabilities.

External Intrusion Test: It is done from outside the company's facilities. The intention and objective is to evaluate perimeter security systems.

Internal Intrusion Test: It is carried out within the company's facilities with the purpose of testing the policies and internal security mechanisms of the company.

This service provides a comprehensive report of the company's vulnerabilities. With this X-ray of the current situation, you will have the information needed to act effectively on the systems that require it, since the report provides a list of recommendations to be applied. This way your security team can support you in redesigning the control program.