Intelligence-led Penetration Testing

Passive Reconnaissance

Gather any information about the target by using techniques such as war driving, information gathering, and etc. Services information, contacts, and infrastructure plans are enumerated for further use. Human resources (personnel) are also targeted.

Active Reconnaissance

Actively probe infrastructure, services and key personnel of the target to obtain sensitive and sometimes critical information to aid the infiltration attempts in later stages. Techniques used include email phishing, voice phishing, port scanning, physical Infiltration, dumpster diving.

Threat Hunting

Discover vulnerabilities and establish attack vectors by enumerating weaknesses and loopholes (in systems and practices) and penetration testing on the enumerated targets gathered in previous stages. The successful discovery of multiple weak points allows for more elaborate infiltrations.

Attack Vector Analysis

Analyze available options (vectors) and deduce the best course of actions for successful infiltration, leveraging every piece of information gathered thus far.

Attack Simulations

Simulate real-life attacks by putting the infiltration plans into action. Successful infiltration will result in a takeover. The effectiveness of the target’s security measures and personnel will be assessed in this stage.

Takeover

Successful takeover results in compromise of all sensitive assets. Data are dumped from critical assets to demonstrate the extent of the potential damages.

Reporting

The final report includes organized information regarding the entire activity, sections such as the following are included:

• High-level summary
• Technical Details
• Proposed remediation