Advance Persistent Test

In todays world, cyber-attacks come in at levels never seen before and coming from agents as big as goverment-sponsored teams. Measuring the organizations security posture against these types of threads has become key to fully understand the real risk against advance Social Engineering, Wireless, physical and network attachs, among many other threads.

APT Overview

The Advance Persistent Tests, is our most in-depth and conprehensive service. We strongly feel that most of the successful compromises to organizations come from organized and persistent type of attacks. It is important to clarify that advance and persistent does not only means goverment-sponsored entities, it also means criminals or stand-alone hacker capable of spending time attacking a network from many angles. Once that is settle, it is clear that even though security speaks about Top 10 vulnerabilities, patching, etc. It is the comprehensive use of all of these issues, that will result into catrastophic compromises leaking millions of customers credit cards, trade secrets, corporate espionage, among many other things.
These specific type of assessments was design to give customer a olistic understanding of not what vulnerabilities the organization has, but how those vulnerabilities can be used over time to compromise the entire network.

Unique Approach

Given the depth and sensitivity of these tests every exercise will be designed close to the customer to satisfy their needs an set clear objectives, limits and scope. It is imporant to understand that these attacks do not test network, web or services as isolated entities, instead we will use any and all tools, techniques and tricks at our disposal in order to compromise the organization. The list below represents some of the lists of attacks the consultants will be performing, but not limited to:

Exploiting vulnerabilities on external and internal network.
Exploiting Web-App vulnerabilities.
Physically access corporate environments.
Exploit corporate equipment in order to gain access.
Dropping usb-keys.
Email, Twitter and Facebook phishing campaings
Targeted Social-Hacking.
Cold calling.
Perform OSINT campains againts key members.

Having said this it is important to notice that all of these tests will be performed under the limitations of the laws of each state and country in which the attacks are being performed. These clarifications are made, because unlike real attackers, we do have to work within he law and always respecting the privacy and corporate rights of our client's employees. Because of these any attack will be limited to corporate equipment only or any other equipment in which the corporation has a legal right to install software.