Skip to content

Assessments

  • External Network Pentest
    • Assessing an organization's security from the outside looking in
    • Methodology focuses heavily on Open-Source Intelligence (OSINT) Gathering
    • Duration typically lasts 32-40 hours with additional 8-16 hours of report writing
  • Internal Network Pentest
    • Assessing an organization's security from the inside of their network
    • Methodology focuses heavily on Active Directory attacks
    • Duration typically lasts 32-40 hours with additional 8-16 hours of report writing
  • Web app pentest
    • Assesing an organization's web application security
    • Methodolgy focuses heavily on web-based attacks and the OWASP testing guidelines
    • Duration typically lasts 32-40 hours with additional 8-16 hours of report writing
  • Wireless Pentest
    • Assessing an organization's wireless network security
    • Methodology depends on wireless type being used (guest vs WPA2-PSK vs WPA2 Enterprise)
    • Duration typically lasts 4-8 hours per SSID with additional 2-4 hours of report writing
  • Physical Pentest and Social Engineeting
    • Assessing an organization's physical security and/or end-user training
    • Methodology depends on task and goals
    • Typically lasts 16-40 hours with another 4-8 hours for report writing
  • Other Assesments
    • Mobile Penetration Testing
    • IoT Penetration Testing
      • pressure cookers, wi-fi camera
    • Red Team Engagements
      • trying to sneak in any way you can
    • Purple Team Engagements

Report Writing

  • Delivered within a week after the engagement ends
  • Report should have both a non-techincal (executive) and technical findings
  • Recomendations for remediation should be clear to both executives and technical staff