  • Did you know that less than 40% of organizations conduct
    full-network active vulnerability scans more than once per quarter?
  • Did you know that 70% of respondents are spending
    greater than 5% of their IT budgets on security?
  • Did you know that 66% of sensitive data is
    stored on on-site servers?
  • Did you know that 88% of IS professionals think that BYOD
    combined with rooting or jailbreaking makes a successful
    APT attack more likely?
  • Did you know that 63% of users admit to forgetting a password,
    or having had a password compromised, in their professional life?
  • Did you know that 56% of organizations say it is unlikely
    or highly unlikely that they would be able to
    detect a sophisticated attack?

Network Penetration Testing

This type of penetration test involves identifying the targets through Google searches, WHOIS, DNS queries and reverse look-ups. We perform OS fingerprinting and banner grabbing to identify known vulnerabilities. Whether these vulnerabilities are exploited depends on whether exploitation is part of the engagement. We follow a responsible disclosure and non-destructive exploitation approach. Limited exploitation, in the form of password guessing and service exploitation, is always performed. This helps you identify the network security posture of your organization.

In this assessment, we will perform:


The information-gathering step of fingerprinting is of utmost importance. Good information gathering can make the difference between a successful pen test and one that has failed to provide maximum benefit to the client. We monitor the network to perform non-invasive and objective analysis of the platforms and network environments used, to ensure that users receive service that is optimized for their software, and to guarantee that no sizable group of users is neglected in some way.

Here we identify active hosts on a network. Scanning procedures such as ping sweeps and port scans return information about which IP addresses map to live hosts that are active on the internet. Our scan therefore identifies the open TCP and UDP ports across all 65,535 ports.

Once the open ports have been identified, the scanning subsystem connects to them and interrogates them for further information using probes that the specific services understand. It is important to pay attention to which ports are actually listening on the system's network interfaces. Any open port that has not been opened by an authorized application could be evidence of an intrusion.
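As an added example (not part of the original page or the provider's tooling), the check described above can be automated by comparing a host's listening sockets against an approved baseline. The sample `ss -H -tulnp` output and the baseline are constructed for illustration; the function names are hypothetical.

```python
import re

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*    users:(("dhclient",pid=612,fd=7))
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      511             [::]:443          [::]:*    users:(("nginx",pid=934,fd=6))
tcp   LISTEN 0      5            0.0.0.0:4444      0.0.0.0:*    users:(("nc",pid=2210,fd=3))
tcp   LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*    users:(("python3",pid=3011,fd=4))
"""

# Hypothetical approved baseline: (protocol, port) -> process allowed to own it.
BASELINE = {
    ("udp", 68): "dhclient",
    ("tcp", 22): "sshd",
    ("tcp", 443): "nginx",
    ("tcp", 8080): "java",
}

PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in users:((...))

def parse_listeners(ss_output):
    """Yield (proto, address, port, process) for each listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        m = PROC_RE.search(line)
        # Process is None when ss ran without privileges to see the owner.
        yield fields[0], addr, int(port), m.group(1) if m else None

def audit(ss_output, baseline):
    """Return listeners whose port or owning process deviates from the baseline."""
    findings = []
    for proto, addr, port, proc in parse_listeners(ss_output):
        expected = baseline.get((proto, port))
        if expected is None:
            findings.append((proto, addr, port, proc, "port not in baseline"))
        elif proc != expected:
            findings.append((proto, addr, port, proc, f"expected {expected}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS, BASELINE):
        print(finding)
```

A listener whose owner cannot be read is reported as a mismatch rather than silently trusted, so the audit should be run with enough privilege for `ss -p` to show process names.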

We will be running a light scan to detect only the operating system of hosts. The light scan uses a limited number of common ports to scan and only probes a small set of QIDs, sufficient to be able to detect the OS of the target server.

Here we identify the vulnerabilities by selecting the right set of tests and running automated scans followed by manual techniques. Exploits may not always be used against production systems. However, if we have explicit permission from the organization, we can run specific exploits depending upon the identified vulnerabilities. We develop a robust cyber threat intelligence capability to determine what types and levels of threat may use exploits and 0-days against a particular organization.

Lack of proper input validation is the biggest security problem of all time. This could lead to a number of attacks being launched against the network infrastructure.

We not only check password strength through the use of automated password recovery tools (common passwords, dictionary passwords and brute-force attacks), but also perform manual password guessing techniques, which exploit default username and password combinations in applications or operating systems, or easy-to-guess passwords resulting from user error.

Our team reviews the various interfaces to determine whether they allow for separation of roles. For example, all features will be accessible to administrators, but users will have a more limited set of features available. We also evaluate access controls and test for privilege escalation.

We start with the attacker having a foothold inside the enterprise, since this is often not difficult in modern networks. Furthermore, it is also typically not difficult for the attacker to escalate from having user rights on the workstation to having local administrator rights. This escalation can occur either by exploiting an unpatched privilege escalation vulnerability on the system or, more frequently, by finding local admin passwords in SYSVOL, such as in Group Policy Preferences.