What is penetration testing?
Penetration Testing is a simulated attack against a system, network or application designed to identify and assess the exploitability of the target.
The scope of the assessment aims to replicate the activities of malicious actors while assessing your organisation’s system(s) or network(s) to identify and exploit vulnerabilities/weakness before the attackers do, as well as to provide expert level recommendation to both – the technical personnel and the senior management.
The rapid pace of how technology evolves and the increase in emerging cyber threats is making penetration testing an essential practice for organisations of all sizes and industries.
Cybercriminals are continuously exploiting weaknesses in organisations that could allow them to obtain initial foothold into their networks. Security of an organisation is a proportionate value of the weakest link. In a lot of scenarios, that happens to be “us”, the people. We are not perfect, and we all do make mistakes. Cyber criminals are often performing psychological manipulation also known as social engineering on us with the intention to divulge confidential information that might grant them access to internal resources. Other attacking vectors might be misconfiguration in defence systems, lack of rigorous patch/update management policies, poor password hygiene practices, as well as many others.
Our tactical Penetration Testing services will aid the identification of security vulnerabilities which could be exploited by real world threat actors. We will tailor our testing to meet your business requirements.
Our services
| Infrastructure penetration testing | We provide an in-depth and comprehensive service for assessing computer system security of your organisation internal or external informational assets’ ability to withstand cyber-attacks. Our penetration testers will attempt to break into your network and IT infrastructure using a combination of automated tools and advanced manual testing techniques to raise awareness about vulnerabilities, and the effects of their exploitation. The results of this assessment will provide us with an indication of the security weaknesses that exist around your network perimeter. They will not only allow us to gauge the risk of each vulnerability independently but also the risk of each vulnerability when combined with other vulnerabilities present around the network perimeter. Our approach to penetration testing is to work closely with you and any third parties to scope the project accurately in order to reflect the attack vectors and threat actors that expose you to the highest level of risk, or those which would prove to be more attractive to unauthorised users. Our testing includes the below stages:
|
| Web application penetration testing | Our approach to web applications, web services and APIs testing is to identify security weaknesses that may be exploited to compromise either the server-side application or ordinary users of the application. We will use advanced skills and techniques and perform tests from both - an authenticated and un-authenticated adversary perspective. Our testing focuses on the applications’ configurations and associated access controls, particularly around user privileges. We will also seek to identify any common web application security weaknesses including:
|
| Cloud security assessments | Our testing will assess the effectiveness of the security controls and configurations deployed on your cloud platform to ensure CIS security best practices have been considered during deployment stage. We will adapt our infrastructure penetration testing techniques to the specificities of the cloud. We will explore the consequences of a threat actor carrying out malicious activities externally but also malicious insiders by targeting the infrastructure/servers and try to gain access the data stored in your Cloud environment. We will use a combination of automated tools, in-house built tooling, and advanced manual testing techniques that would require read-only access. |
| Network device | Our review will examine the configuration of the device and if applicable any rules for routing traffic. We will also check for the ability to compromise or extract data in transit across the network. The configuration of the network devices will be assessed for common security weaknesses. The configuration review will include, but not be limited to:
|
| Segregation testing | We will provide an in-depth review of the protocols allowed through the firewall(s) subjected to exposure testing whereby attached networks are scanned using a variety of tools, with the aim of identifying:
|
| Build reviews | Our approach to build reviews offers a variety of different technologies with the aim of identifying security weaknesses which could enable or facilitate malicious activities. We assess the hardening of your security configuration on your key infrastructure components by comparing it against industry standard benchmarks and best practices. We will focus on assessing the build security quality encompassing areas such as locally installed OS components, system services, core security configurations, user accounts and permissions, password policies and auditing policies. Further detailed reviews of applications such as databases, web servers and mail servers can be conducted where specified. The reviews include an authenticated vulnerability assessment where the required access for network and accounts is provided. This enables additional review factors including a comprehensive listing of missing patches. Some examples of the type of servers that we can provide our expertise include but are not limited to:
|
| Mobile application and device security | Our assessments will be conducted in accordance with Mazars native mobile application testing methodology which is aligned with industry best-practise including the Open Web Application Security Project (OWASP), Mobile Application Security Vetting Standard (MASVS) and the OWASP Mobile Application Security Testing Guide (MASTG) project. The specific tests performed will be contingent on the application platform (iOS and Android). Our approach includes the protection of the application itself, the communication channels, and the exposed server side. Our testing focuses but it is not limited to bypassing anti-reverse engineering controls, authentication mechanisms, privilege escalation, data storage and privacy, code quality, and encryption. |
| Application/thick client testing | Our approach is designed to identify and address areas of risk to the confidentiality, integrity, and availability in both bespoke and off-the-shelf applications. A binary application test is very similar to a web application test, the main difference being that the client may not be using the standard web protocols to communicate with a server and may not be browser based. The main factor of this type of testing is that the application is compiled, and analysis of the compiled codes processes should be completed. Each of our assessments is tailored to fit the target application and the level of assurance required to your organisation. Testing is performed using both – testing systems with specialised application testing software and using standard client systems installed with a process debugger. Application user accounts are used throughout the testing to simulate user behaviour and access application functionality with the aim of identifying security weaknesses and exposures. |
| Kiosk/citrix breakout testing | Citrix allows users to cross a security boundary into an organisation and as such, if not correctly locked down could allow a trusted user to break out of their intended functionality and access underlying hosts, or data that reside upon them. Our approach is using the deployed application functionality to breakout of it and access the underlying presentation server. At this point our testing becomes similar to that of a server build review, and internal penetration assessment, depending on the deployment type, with the focus being on privilege escalation and lateral movement across your environment made possible through thorough enumeration. |
| Active directory review | Microsoft’s Active Directory Service is widely used to configure access via authentication and authorisation to resources within your organisation. Our review of the Active Directory will involve the gathering of information relating to forests and domains in scope, and their active directories. This initial activity is typically automated using tools and scripts to gather the required information. The information gathered is manually reviewed to eliminate false positives and to assess areas including, but not be limited to trust relationships, service accounts, high-privilege groups, delegation, password audit, user account configuration, weak domain object access control lists just to name a few. Our active directory audits are carried out in line with industry best practices such as SANS and CIS, together with our own experience. |
| Wireless testing | Our approach will assess the design and the configuration of your Wi-Fi infrastructure to identify any misconfigurations that may allow unauthorised access to restricted internal networks and systems. The objective is to help you in evaluating the security hardening and the sealing of your digital assets. We will survey the topology of your offices to detect possible signal leakage outside the boundaries of your office buildings. This will provide an accurate representation of the geographical area covered by the wireless Local Area Network (LAN). For each wireless signal measured outside the location, we will attempt to identify its source and analyse its characteristics. The information gathered will allow us to evaluate the susceptibility of the wireless LAN to interception and exploitation. The results of this analysis will allow us to identify the easiest wireless points of entry into the network through threat modelling. Furthermore, our team of experts will search for wireless devices which implement weak authentication schemes and networks that rely on static encryption keys in order to establish initial foothold within your organisation internal network. |
| Code reviews | Our approach will assess the design and the configuration of your application at a source code level. We will review critical piece of code from your applications to identify vulnerabilities or misconfigurations that may affect the Confidentiality, Integrity, and/or Availability of your organisation and its digital assets, as well as to provide assurance that best coding practices and standards are met during the software development lifecycle. |
Red team assessment
Our approach
Our Red Team assessments give you a more thorough and in-depth assessment of your cyber strategy and will also test your incident response plans. We will take you through the five stages of managing and mitigating a malicious attack on your network and critical infrastructure. We use methods and techniques that replicate the same or similar attacks based upon threat intelligence relating to your sector of industry, to give you a high degree of confidence in your cyber security. We work with you to build a detailed testing plan covering a selection of attack scenarios ranging from phishing, physical social engineering, assumed compromise, ransomware readiness to give some examples.
Our services
| Red teaming | Our specialised red teamers provide a holistic approach towards threat activity management of an organisation. This simulated cyber-attack would allow you to assess your physical and cyber defences, and the preparedness of your organisation against a skilled and persistent attacker. Our attack simulations go beyond penetration testing to explore the response and recovery aspects to test your security as-a-whole, by replicating the latest attack Tactics, Techniques and Procedures (TTPs). By their very nature, engagements of this type, work at the forefront of vulnerability research, evolving technology, and real-world emerging threats. Some of our examples attack scenarios include, spear phishing, insider threat actor, assumed compromise and physical social engineering. |
| Scenario based testing | Our approach utilises defined attack scenarios focused on specific hostile tactics to assess your organisation’s ability to prevent, detect and respond to cyber-attacks. Each scenario is tailored to replicate the activities of real-world threat actors’ intent on performing unauthorised actions on your organisation’s IT environment. We align our scenario-based assessments on the MITRE ATT&CK framework, designed to assess your response capabilities while applying the tactics, techniques, and procedures (TTPs) commonly used in real-life cyber-attacks. |
| Physical social engineering | Our approach includes all attacks that aim to manipulate human behaviour to gain leverage or knowledge about your organisation that would allow us to breach and bypass physical building security controls on-premises and gain physical access to your organisation or help us trick employees to divulge information. |
| Phishing services | Our aim is to simulate a threat actor who is targeting your organisation via the full spectrum of attacks available, including but not limited to Spear-Phishing, Vishing, Smishing in attempt to trick employees into sharing sensitive information such as passwords and usernames via social engineering simulation. This test can help boost employee awareness, retention rates and demonstrate the dangers associated with the execution of a successful cyber-crime through phishing attack. |
| Purple teaming | Our purple team simulation involves both Red (attackers) and Blue Teams (defenders) offering a more dynamic approach to cyber security. This gives an opportunity to view an attacker’s behavior in a real-time, collaborative exercise. Through carefully created, scenarios, the client’s security team has the opportunity to respond as they would in a real attack, testing processes and monitoring systems. The objective of which is to help the blue team to configure, tune and to improve its detection and response capability to defend against real-world threat actors. |
Internet of things (IoT) assessments
Our approach
Our latest partnership with IoT Innovation Centre CENSIS is supporting diversity in cyber security and improving IoT resilience. Our team of experts will provide advanced assessments in emerging internet connected devices. IoT devices are often less hardened and missing critical patches resulting in a weak point within a network and offer hackers an opportunity to gain access to your data and potentially egress data from a network.
Our services
We can provide device tear downs as well as assessments on the impact these devices may have on your network.
Dark web reviews
Our approach
Utilising our dark web platform, we will perform searches against your organisation looking for a list of identified compromised credentials, discussions of the company made by threat actors, as well as fraud or active (and historic) sale discussions about the company on the dark or deep web.
Our services
The review will consist of:
- Searching of the deep and dark web (DDW) for your organisation’s footprint based on keywords. Keywords to be searched for include brand names, email addresses, identifying information or similar;
- Identification of current attack methods and threats to an organisation through targeted and sector wide searching of DDW forums;
- Sector trends on targeting and leaked information releases will be examined to provide a broader context for information identified; and,
- A basic search of the DDW for information related to your organisation.
Get in touch with our Cyber team
Please contact our Digital consulting team using the button below for more information.
We are a CREST and Cyber Security accredited company
Our procedures and methodologies have been independently reviewed and assessed by CREST. All CREST member companies undergo stringent assessment, whilst CREST qualified individuals must pass rigorous professional level examinations to demonstrate knowledge, skill, and competence. Therefore, you know that our staff expertise can be relied upon.
We are a member of Cyber Scheme who are a leading assessment body and an NCSC Certified Delivery Partner for technical training and exams. The assessments they offer are simply the best available; consultants who pass them demonstrate competence and skill at the highest level defined by the UK’s National Technical Authority for Cyber Security (NCSC).
Our consultants hold Offensive Security, SANS & Zero Point (Red Team Ops) certified expert pen testers and 7+ years in the industry, Mazars LLP penetration testing services have a proven track record of finding flaws and helping businesses stay ahead of the hackers.
Technology and digital consulting
There’s always an opportunity with new technology: There’s always a robust digital solution
Technology and digital insights
Discover how to boost business success and resilience through technology and strengthen its protection, compliance and security.
National contacts
Sandeep Sharma Head of Cyber Attack & Defence
Carm Del Guercio Associate Director – Cyber Attack and Defence
Asparuh Stefanov
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
-
This website cannot function properly without these cookies.
-
Analytical cookies help us enhance our website by collecting information on its usage.
-
We use marketing cookies to increase the relevancy of our advertising campaigns.