Security Services

Network Penetration Testing

IT organizations are building, maintaining and improving their network defenses against internal and external malicious users and attackers every day. While understanding how well these defenses withstand adversaries, is imperative to keep your fortress secure.

wizlynx group takes the time to understand our client’s business and think like an attacker would. This allows us to gain a holistic overview, as well as a technical point of view. Using set objectives, we will identify the weakest link first, and then escalate until one or several bastions fall, and we gain privileged access to information or systems.

Our approach is a hybrid methodology composed of automated and manual testing, to assess a clients’ external and internal information assets, network and security devices to identify vulnerabilities before cybercriminals do. Our assessment also includes an exploitation phase, allowing our customers to better understand the risks a vulnerability poses.

Our services rely on highly skilled cyber security analysts and penetration testers with extensive experience, both in defense and offense.

Our Penetration Testing Methodology

Our Penetration Testing methodology is decidedly inspired by the OWASP testing guide and the Open Source Security Testing Methodology Manual (OSSTMM):
Preparation
Active & Passive Reconaissance
Vulnerability Identification
Vulnerability Exploitation
Analysis & Reporting
Remediation

What Are We Testing During a Network Penetration Test?

The execution of our network penetration test is composed of three main phases explained below:
Active & Passive Reconnaissance

Information gathering about the target organization, as well as identify underlying components such as operating systems, running services, software versions, etc. The following is a non-inclusive list of items that will be tested to allow us to craft our attack in an informed fashion, elevating our probability of success:

  • Open domain search
  • DNS investigation
  • Public information search (search engines, social networks, newsgroups, etc.)
  • Network enumeration
  • Port scanning, OS fingerprinting, and version scanning
  • Firewall enumeration


Vulnerability Identification

Assessment that consists of evaluating the information assets in scope against 80'000+ vulnerabilities and configuration checks, in addition to CWE/SANS TOP 25 Most Dangerous Software Errors and OWASP Top Ten vulnerabilities. wizlynx group uses several vulnerability scanners, as well as manual techniques, to test the many services that are reachable via the network such as SMTP, HTTP, FTP, SMB, SSH, SNMP, DNS, etc. The following vulnerability types can be identified (non-inclusive list):

Service-Side Exploitation

  • Remote code execution
  • Buffer overflow
  • Code Injection
  • Web Application exploitation

Network Manipulation & Exploitation

  • VLAN Hopping attacks
  • ARP Spoofing
  • HSRP/VRRP Man-In-The-Middle attack (MiTM)
  • Routing Protocols MiTM

Identity & Authentication Weakness Exploitation

  • Default username and password
  • Weak and guessable user credentials

Privilege Escalation

  • Race conditions
  • Kernel attacks
  • Local exploit of high-privileged program or service

Vulnerability Exploitation

Using a hybrid approach (automated and manual testing), our security analysts will attempt to gain privileged access to the target systems in a controlled manner by exploiting the identified vulnerabilities in previous phase “Vulnerability Identification”.

Network Penetration Test Cyberattack Simulation

What Will You Get?

All findings will be documented in a final report, and then compared with a strengths/weaknesses profile against international standards for IT & Cyber Security. The identified weaknesses will be assessed and supplemented with recommendations and remediation actions, as well as prioritized according to the risk associated. The final report will be discussed during a presentation with you. The report will include a comprehensive and meaningful C-level summary of the executed security audit or penetration test. Additionally, it will include all detailed results with respective evidence and recommendations for future security measures.

Network Penetration Test Report

Our Cybersecurity Certifications

wizlynx's security consultants and penetration testers hold the most recognised certifications in cyber security and penetration testing industry such as: SANS/GIAC GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!

Top