What We Do
Vulnerability assessments evaluate and prioritize exposures in your organization.
To improve your organisation’s security, it’s important to not just continually identify vulnerabilities but also take action to address them. Our penetration testers supply clear remediation advice to help better protect your systems.
Here’s what you can expect to receive post-assessment:
- A detailed outline of all risks identified
- The potential business impact of each issue
- Insight into ease of vulnerability exploitation
- Actionable remediation guidance
- Strategic security recommendations
Host Compliance & Malware Audit
A host compliance audit evaluates a device (workstation, server, etc.) against security best practices. Our engineers will evaluate the security of the device through measures such as attempting to boot alternate media, evaluating endpoint security solutions against malware, reviewing firewall configurations, reviewing patch management, and more.
Web Application Testing
Web application testing measures the security posture of your website and/or custom-developed application.
Web applications play a vital role in business success and are an attractive target for cybercriminals. HackPick’s ethical hacking services include website and web app penetration testing to identify vulnerabilities including SQL injection and cross-site scripting problems plus flaws in application logic and session management flows.
External Penetration Testing
External penetration testing is the evaluation of your network’s perimeter defenses.
This test emulates the role of an attacker attempting to gain access to an internal network without internal resources or inside knowledge. A HackPick Security engineer attempts to gather sensitive information through open-source intelligence (OSINT), including employee information, historical breached passwords, and more, that can be leveraged against external systems to gain internal network access. The engineer also performs scanning and enumeration to identify potential vulnerabilities in hopes of exploitation.
Internal Penetration Testing
Internal penetration testing emulates attacks from inside your corporate network. A HackPick Security engineer will scan the network to identify potential host vulnerabilities. The engineer will also perform common and advanced internal network attacks, such as LLMNR/NBT-NS poisoning and other man-in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket, and more. The engineer will research ways to gain access to hosts through lateral movement, compromise domain user and admin accounts, and exfiltrate sensitive data.
Wireless Penetration Testing
Wireless testing is the evaluation of your wireless posture. Unsecured wireless networks can enable attackers to enter your network and steal valuable data. Wireless penetration testing identifies vulnerabilities, quantifies the damage these could cause and determines how they should be remediated.
Vulnerabilities identified by wireless pen testing:
- Rogue access points
- Wireless zero configurations
- Weak encryption
- Guest WiFi weaknesses
- WPA key vulnerabilities
- Default router setups
- Brute-force weaknesses