Ethical hacking

How well prepared is your organisation against cyber threats?

Evaluate your cyber defence capabilities: 

In cyber security, ethical hacking is the process of performing a broad spectrum of security testing exercises to help assess an organisation's preparedness and current state against cyber threats.

Taking a proactive and not reactive approach could save organisations millions in potential damages and legal fees and most importantly protect their reputation. As we all know reputation and trust take a very long time to build but only seconds to break, and forever to earn back. 

Ethical hacking enables us to assess your ability to detect an attack and respond to it by identifying and resolving vulnerabilities in your defences, helping protect your organisation, and reducing risk exposure. 

How can we help? 

As a CREST-accredited penetration testing company and Cyber Scheme member, you can trust our high-quality consultants to identify and address security vulnerabilities in your technology, people, and processes. We do not simply identify security weaknesses by following a predefined methodology. We are technical and business specialists who provide holistic security solutions in complex environments to counter the most advanced and persistent cyber security threats. We will work with you to understand your requirements, help you understand the impact of our findings, and understand how these can be realistically remediated by you.

Assessments are performed using both technical and social engineering techniques, equivalent to those that a real-world attacker would use to access your sensitive information or disrupt your systems. This enables our clients to understand the business risks and to identify opportunities to improve systems, design and development processes, and/or operational policies and procedures. 


Our ethical hacking services

Penetration testing assessments

  • Infrastructure penetration testing
  • Web application penetration testing
  • Cloud security assessments
  • Network device
  • Segregation testing
  • Build reviews
  • Mobile application and device security
  • Application/thick client testing
  • Kiosk/citrix breakout testing
  • Active directory review
  • Wireless testing
  • Code reviews

Red team assessments

  • Red teaming
  • Scenario based testing
  • Physical social engineering
  • Phishing services
  • Purple teaming

 

Internet of Things (IoT) assessments

  • Device tear downs 
  • Device network impact assessments  

Dark web review

  • Searching the deep and dark web (DDW) for your organisation’s footprint.
  • Identification of current attack methods and threats
  • Sector trends on targeting and leak information releases
  • Search of the DDW for information on your organisation 

 

Penetration testing assessments

What is penetration testing?

Penetration Testing is a simulated attack against a system, network or application designed to identify and assess the exploitability of the target. 

The scope of the assessment aims to replicate the activities of malicious actors while assessing your organisation’s system(s) or network(s) to identify and exploit vulnerabilities and weaknesses before the attackers do, as well as to provide expert-level recommendations to both the technical personnel and the senior management.

The rapid pace at which technology evolves and the increase in emerging cyber threats are making penetration testing an essential practice for organisations of all sizes and industries.

Cybercriminals are continuously exploiting weaknesses in organisations that could allow them to obtain an initial foothold in their networks. An organisation's security is only as strong as its weakest link. In a lot of scenarios, that happens to be “us”, the people. We are not perfect, and we all make mistakes. Cybercriminals often use psychological manipulation, also known as social engineering, to make us divulge confidential information that might grant them access to internal resources. Other attack vectors include misconfiguration in defence systems, lack of rigorous patch/update management policies, and poor password hygiene practices, as well as many others.

Our tactical Penetration Testing services will aid the identification of security vulnerabilities which could be exploited by real world threat actors. We will tailor our testing to meet your business requirements.

Our services

Infrastructure penetration testing

We provide an in-depth and comprehensive service for assessing the ability of your organisation's internal or external information assets to withstand cyber-attacks. Our penetration testers will attempt to break into your network and IT infrastructure using a combination of automated tools and advanced manual testing techniques to raise awareness about vulnerabilities and the effects of their exploitation. The results of this assessment will provide us with an indication of the security weaknesses that exist around your network perimeter. They will allow us to gauge not only the risk of each vulnerability independently but also the risk of each vulnerability when combined with other vulnerabilities present around the network perimeter.

Our approach to penetration testing is to work closely with you and any third parties to scope the project accurately in order to reflect the attack vectors and threat actors that expose you to the highest level of risk, or those which would prove to be more attractive to unauthorised users. Our testing includes the below stages:

  • Reconnaissance and Enumeration.
  • Mapping and Service Identification. 
  • Vulnerability Analysis.
  • Exploitation.

Web application penetration testing

Our approach to testing web applications, web services and APIs is to identify security weaknesses that may be exploited to compromise either the server-side application or ordinary users of the application. We will use advanced skills and techniques and perform tests from both an authenticated and an unauthenticated adversary perspective. Our testing focuses on the applications’ configurations and associated access controls, particularly around user privileges. We will also seek to identify any common web application security weaknesses including:

  • Open Web Application Security Project (OWASP) top ten web application security vulnerabilities.
  • Input validation, including bypass, command injection, SQL injection and other code injection flaws.
  • Parameter tampering and privilege escalation.
  • File inclusion attacks, both local and remote.
  • Session hijacking, cookie poisoning and replay attacks.
  • User privilege escalation (through a variety of methods), including credential manipulation. 

Cloud security assessments

Our testing will assess the effectiveness of the security controls and configurations deployed on your cloud platform to ensure CIS security best practices have been considered during the deployment stage. We will adapt our infrastructure penetration testing techniques to the specificities of the cloud. We will explore the consequences of both an external threat actor and a malicious insider targeting the infrastructure/servers and trying to gain access to the data stored in your cloud environment. We will use a combination of automated tools, in-house built tooling, and advanced manual testing techniques that would require read-only access.

Network device

Our review will examine the configuration of the device and if applicable any rules for routing traffic. We will also check for the ability to compromise or extract data in transit across the network. The configuration of the network devices will be assessed for common security weaknesses. The configuration review will include, but not be limited to: 

  • Authentication and authorisation controls.
  • Management protocols.
  • Network protocols.
  • Logging and audit configuration.
  • VPN solution configuration.
  • Firewall ruleset.

Segregation testing

We will provide an in-depth review of the protocols allowed through the firewall(s). The firewall(s) are subjected to exposure testing, whereby attached networks are scanned using a variety of tools, with the aim of identifying:

  • Firewall type and footprint, including running services and responses to identification type scans.
  • Permissible inbound rules and/or protocols.
  • Segmentation testing.
  • Permissible outbound rules and/or protocols.
  • Firewall misconfiguration with regards to source port manipulation scans.

Build reviews

Our approach to build reviews covers a variety of different technologies with the aim of identifying security weaknesses which could enable or facilitate malicious activities. We assess the hardening of the security configuration on your key infrastructure components by comparing it against industry standard benchmarks and best practices. We will focus on assessing the build security quality, encompassing areas such as locally installed OS components, system services, core security configurations, user accounts and permissions, password policies and auditing policies. Further detailed reviews of applications such as databases, web servers and mail servers can be conducted where specified. The reviews include an authenticated vulnerability assessment where the required access for network and accounts is provided. This enables additional review factors including a comprehensive listing of missing patches. Examples of the types of servers for which we can provide our expertise include, but are not limited to:

  • Web servers used to deliver web content to users and services (e.g., IIS, Apache, and Nginx). 
  • Database server used to store data in a structured format (e.g., MySQL, Microsoft SQL Server, MongoDB). 
    • Database version/patch level; 
    • Feature reduction / surface area reduction; 
    • Authentication and authorisation; 
    • Password policies; 
    • Network encryption; 
    • Database permissions. 
  • Microsoft’s Hyper-V Hypervisor commonly used to deploy a virtualised enterprise environment. It is one of the foundational technologies required to create software defined infrastructure. 
  • Microsoft’s Exchange Server widely used in Enterprise and corporate environments to provide access to email and collaboration services. 

Mobile application and device security

Our assessments will be conducted in accordance with Mazars' native mobile application testing methodology, which is aligned with industry best practice including the Open Web Application Security Project (OWASP), Mobile Application Security Vetting Standard (MASVS) and the OWASP Mobile Application Security Testing Guide (MASTG) project. The specific tests performed will be contingent on the application platform (iOS and Android). Our approach includes the protection of the application itself, the communication channels, and the exposed server side. Our testing focuses on, but is not limited to, bypassing anti-reverse engineering controls, authentication mechanisms, privilege escalation, data storage and privacy, code quality, and encryption.

Application/thick client testing

Our approach is designed to identify and address areas of risk to confidentiality, integrity, and availability in both bespoke and off-the-shelf applications. A binary application test is very similar to a web application test, the main difference being that the client may not be using the standard web protocols to communicate with a server and may not be browser based. The main factor of this type of testing is that the application is compiled, and analysis of the compiled code's processes should be completed. Each of our assessments is tailored to fit the target application and the level of assurance required by your organisation. Testing is performed using both testing systems with specialised application testing software and standard client systems installed with a process debugger. Application user accounts are used throughout the testing to simulate user behaviour and access application functionality with the aim of identifying security weaknesses and exposures.

Kiosk/citrix breakout testing

Citrix allows users to cross a security boundary into an organisation and as such, if not correctly locked down, could allow a trusted user to break out of their intended functionality and access underlying hosts, or data that reside upon them. Our approach is to use the deployed application's functionality to break out of it and access the underlying presentation server. At this point our testing becomes similar to that of a server build review and internal penetration assessment, depending on the deployment type, with the focus being on privilege escalation and lateral movement across your environment made possible through thorough enumeration.

Active directory review

Microsoft’s Active Directory Service is widely used to configure access via authentication and authorisation to resources within your organisation. Our review of the Active Directory will involve the gathering of information relating to forests and domains in scope, and their active directories. This initial activity is typically automated using tools and scripts to gather the required information. The information gathered is manually reviewed to eliminate false positives and to assess areas including, but not limited to, trust relationships, service accounts, high-privilege groups, delegation, password audit, user account configuration, and weak domain object access control lists. Our active directory audits are carried out in line with industry best practices such as SANS and CIS, together with our own experience.

Wireless testing

Our approach will assess the design and the configuration of your Wi-Fi infrastructure to identify any misconfigurations that may allow unauthorised access to restricted internal networks and systems. The objective is to help you in evaluating the security hardening and the sealing of your digital assets. We will survey the topology of your offices to detect possible signal leakage outside the boundaries of your office buildings. This will provide an accurate representation of the geographical area covered by the wireless Local Area Network (LAN). For each wireless signal measured outside the location, we will attempt to identify its source and analyse its characteristics. The information gathered will allow us to evaluate the susceptibility of the wireless LAN to interception and exploitation. The results of this analysis will allow us to identify the easiest wireless points of entry into the network through threat modelling. Furthermore, our team of experts will search for wireless devices which implement weak authentication schemes and networks that rely on static encryption keys in order to establish an initial foothold within your organisation's internal network.

Code reviews

Our approach will assess the design and the configuration of your application at a source code level. We will review critical pieces of code from your applications to identify vulnerabilities or misconfigurations that may affect the Confidentiality, Integrity, and/or Availability of your organisation and its digital assets, as well as to provide assurance that best coding practices and standards are met during the software development lifecycle.

 

Red team assessment 

Our approach

Our Red Team assessments give you a more thorough and in-depth assessment of your cyber strategy and will also test your incident response plans. We will take you through the five stages of managing and mitigating a malicious attack on your network and critical infrastructure. We use methods and techniques that replicate the same or similar attacks based upon threat intelligence relating to your sector of industry, to give you a high degree of confidence in your cyber security. We work with you to build a detailed testing plan covering a selection of attack scenarios such as phishing, physical social engineering, assumed compromise and ransomware readiness, to give some examples.

Our services

Red teaming

Our specialised red teamers provide a holistic approach towards threat activity management of an organisation. This simulated cyber-attack would allow you to assess your physical and cyber defences, and the preparedness of your organisation against a skilled and persistent attacker. Our attack simulations go beyond penetration testing to explore the response and recovery aspects to test your security as a whole, by replicating the latest attack Tactics, Techniques and Procedures (TTPs). By their very nature, engagements of this type work at the forefront of vulnerability research, evolving technology, and real-world emerging threats. Some of our example attack scenarios include spear phishing, insider threat actor, assumed compromise and physical social engineering.

Scenario based testing

Our approach utilises defined attack scenarios focused on specific hostile tactics to assess your organisation’s ability to prevent, detect and respond to cyber-attacks. Each scenario is tailored to replicate the activities of real-world threat actors intent on performing unauthorised actions on your organisation’s IT environment. We align our scenario-based assessments with the MITRE ATT&CK framework, designed to assess your response capabilities while applying the tactics, techniques, and procedures (TTPs) commonly used in real-life cyber-attacks.

Physical social engineering

Our approach includes all attacks that aim to manipulate human behaviour to gain leverage or knowledge about your organisation that would allow us to breach and bypass physical building security controls on-premises and gain physical access to your organisation, or help us trick employees into divulging information.

Phishing services

Our aim is to simulate a threat actor who is targeting your organisation via the full spectrum of attacks available, including but not limited to Spear-Phishing, Vishing and Smishing, in an attempt to trick employees into sharing sensitive information such as passwords and usernames via social engineering simulation. This test can help boost employee awareness and retention rates, and demonstrate the dangers associated with the execution of a successful cyber-crime through a phishing attack.

Purple teaming

Our purple team simulation involves both Red (attackers) and Blue Teams (defenders), offering a more dynamic approach to cyber security. This gives an opportunity to view an attacker’s behaviour in a real-time, collaborative exercise. Through carefully created scenarios, the client’s security team has the opportunity to respond as they would in a real attack, testing processes and monitoring systems. The objective is to help the blue team configure, tune and improve its detection and response capability to defend against real-world threat actors.

 

Internet of things (IoT) assessments 

Our approach

Our latest partnership with IoT Innovation Centre CENSIS is supporting diversity in cyber security and improving IoT resilience. Our team of experts will provide advanced assessments of emerging internet-connected devices. IoT devices are often less hardened and missing critical patches, resulting in a weak point within a network and offering hackers an opportunity to gain access to your data and potentially egress data from a network.

Our services

We can provide device tear downs as well as assessments on the impact these devices may have on your network. 

 

Dark web reviews 

Our approach

Utilising our dark web platform, we will perform searches against your organisation looking for a list of identified compromised credentials, discussions of the company made by threat actors, as well as fraud or active (and historic) sale discussions about the company on the dark or deep web.

Our services

The review will consist of: 

  • Searching of the deep and dark web (DDW) for your organisation’s footprint based on keywords. Keywords to be searched for include brand names, email addresses, identifying information or similar; 
  • Identification of current attack methods and threats to an organisation through targeted and sector wide searching of DDW forums; 
  • Sector trends on targeting and leaked information releases will be examined to provide a broader context for information identified; and, 
  • A basic search of the DDW for information related to your organisation. 

Get in touch with our Cyber team

Please contact our Digital consulting team using the button below for more information.

Contact us today

We are a CREST and Cyber Security accredited company

Our procedures and methodologies have been independently reviewed and assessed by CREST. All CREST member companies undergo stringent assessment, whilst CREST qualified individuals must pass rigorous professional level examinations to demonstrate knowledge, skill, and competence. Therefore, you know that our staff expertise can be relied upon. 

We are a member of Cyber Scheme who are a leading assessment body and an NCSC Certified Delivery Partner for technical training and exams. The assessments they offer are simply the best available; consultants who pass them demonstrate competence and skill at the highest level defined by the UK’s National Technical Authority for Cyber Security (NCSC). 

With Offensive Security, SANS and Zero Point (Red Team Ops) certified expert pen testers and 7+ years in the industry, Mazars LLP penetration testing services have a proven track record of finding flaws and helping businesses stay ahead of the hackers.
