Penetration Testing 2.0

Let us find the weak links in your network perimeter and web applications.

Providing network reconnaissance, enumeration, vulnerability mapping, exploitation attempts, social engineering, and real-time cyber threat analysis, CyberHunter Pen Testing 2.0 is a unique blend of theoretical and actual risk identification.  Don’t settle for what might happen.  Find out what has already occurred.

Learn MoreBook a demo

What Is Pen Testing?

Vulnerability assessments and penetration testing are terms that are used interchangeably but are ultimately different services. In plain terms, if we imagine that your application or network is a locked door, a vulnerability assessment trying to identify all the possible locks that exist on the door. Penetration testing, on the other hand, is where an ethical hacker takes their big bag of “keys” (these are tools, techniques, and procedures) and attempts to open each one of the locks with every single “key”, hoping to open the door — but with permission.

What Type of Pen Test Do You Need?

In general, there are two categories of penetration testing or “pen test” that customers usually want: customer-driven / compliance-driven, OR penetration tests that attempt to exploit people, process or technology with the objective of breaking into the network and gaining access to digital assets.

Scenario 1 Pen Testing

Customer-Driven or Compliance-Driven

Example: “We have a web application and one of our biggest clients need us to get a 3rd party pen test performed for their risk team”.

This scenario actually describes a vulnerability assessment, followed by a blend of automated and manual pen testing that looks for obvious configuration flaws or vulnerabilities that can be exploited without too much effort.   The main goal is to produce a remediation report on the issues that let you harden your website, application or network.  This can also be considered a security audit of sorts, particularly when a specific set of metrics are used for compliance measurement (e.g. PCI-DSS compliance) or if we are looking at analyzing the running configuration of a device. CyberHunter will produce a Penetration Test Report and depending on the needs, couple this with an OWASP report (for web apps), a PCI Compliance report (QSA-Certified or Standard), or an ISO27001/2 report for standard-specific requirements.

Pricing for a Type#1 Penetration Test (for a single web application or perimeter device) can be in the range of $1,000 to $5,000 depending on size and scope, and will take approximately 3-5 days.

Start my Pen Test

Scenario 2 Pen Testing

Breach the Network (Red Team Exercise)

Example:  “We are looking to test and improve our overall cybersecurity posture and we need an ethical hacker to try to break into our network.”

This scenario describes a more traditional penetration test.  This type of pen test (also called a Red Team exercise) simulates an adversarial role and is a far more realistic way to test the security readiness of an organization.  This testing covers exploitation attempts against People, Process, and Technology.  It can involve a significant amount of social engineering and usually triggers active security controls and countermeasures inside the operating environment.  These tests will additionally assess internal Blue Team (the defensive team) responsiveness and/or process in the event of an intrusion detection.

Pricing for a Type#2 Penetration Test (Red Team Exercise) can start in the $5,000 to $15,000 range but this pricing is dependent upon the objectives, methodologies used, and duration of the exercise.  Typical penetration testing durations are 3-4 weeks or more, depending on scope, as they can involve significant reconnaissance efforts and exploitation creation.

Start my Pen Test

The right Pen Test can save you from being the next headline.

PENETRATION TESTING

The initial phase of a penetration test is to take all the reconnaissance data, enumerated system data and every one of the identified theoretical vulnerabilities and attempt to exploit them the same way a hacker would.  This is the Penetration Test or Pen Test and it is where all those theoretical weaknesses get exercised to see if there is way into the network or web application.  Each pen test is customized to meet the needs of the client.  Whether white-box or black-box, internal or external, wireless or wired…we even perform social engineering tests to see if we can ethically hack into your organization.

More than Traditional Pen Testing

Normal penetration tests live in a world that only looks at how to exploit KNOWN, theoretical vulnerabilities.  These tests do not address zero-day flaws in security controls or applications.  These tests are also limited by the skill of the ethical hacker doing the testing.  At CyberHunter, traditional pen testing is only the starting point.  We also hunt for breach and compromise that has ALREADY happened.  Every single minute of the day your network perimeter, your employees and your web application are being pen tested by thousands of adversaries. CyberHunter Solutions Pen Test 2.0 has built-in threat hunting that works to identify Advanced Persistent Threats (APTs) and Zero-Day malware that has already breached the network.  Get the world’s most advanced pen test with CyberHunter.

Test Evidence and Reporting

The following flavors of testing and reporting are available from CyberHunter:

  1. Technical Detailed Report
  2. Executive Briefing
  3. Remediation Report
  4. MS Patch Reports
  5. PCI Compliance
  6. HIPAA
  7. SOX
  8. ISO 27001/2
  9. OWASP
  10. Center for Internet Security (CIS)
  11. US DoD STIG
  12. NIST CVE
  13. SANS Policy

CyberHunter can audit network devices as well:  Cisco, Juniper, Palo Alto, HP ProCurve, Fortinet, Check Point, WatchGuard, Foundry and many others.

Learn More

Four Key Cyber Security Principles

The following four key principles can help guide organizations in taking a more proactive stance in combating malware:

  1. Accept that malware and APTs will breach existing defences.

  2. Treat endpoints as untrusted until proven otherwise.

  3. Trust established in an endpoint is both finite and fleeting.

  4. Validate endpoints as malware free, anytime, anyplace.

Phases of a Hacking Campaign

Vulnerability Assessments vs. Penetration Tests?

Vulnerability assessments and penetration testing are terms that are used interchangeably but are ultimately different services. In plain terms, a vulnerability assessment is like a thief making a note of all your points of entry and identifying the locks you have in place. Penetration testing, on the other hand, is actually picking the lock and getting inside — but with permission.

What is a Compromise Assessment?

A compromise assessment is a proactive survey of networked devices (e.g. Windows desktops) in order to detect threats that have evaded existing security controls inside the organization.  The goal is to reduce Dwell Time of attackers (catch them before they do damage), and to regularly measure the effectiveness of your security posture by providing hard evidence of the forensic state of the endpoints.

Any Threat Assessment Should Be:

  • Effective – At detecting all known variants of malware, remote access tools, and indications of unauthorized access.
  • Fast – Assess a large network within hours.
  • Affordable – A typical organization should be able to conduct it proactively and regularly (i.e. weekly/monthly/quarterly).
  • Independent – The assessment should not rely on existing detection tools already in the environment.

Why Choose CyberHunter?

  • The CyberHunter Pen Test 2.0 methodology leverages the most advanced tools, techniques and procedures in the industry to enumerate, identify and report on your existing security posture.
  • We are the only threat assessment solution that can perform an advanced Vulnerability Scan and Pen Test while simultaneously hunting for, and identifying Advanced Persistent Threats that are ALREADY embedded in you network.
  • CyberHunter gives you the insight and cyber intelligence you need to be proactive.