A physical penetration test is a set of simulated attacks performed by our experts to identify weaknesses in your organisation's physical security. This exercise consists of evaluating the security controls and bypassing any physical or electronic security measures to gain access to secure areas. Consultants will advise where insufficient security controls are in place. This includes looking for insufficient CCTV coverage, along with insecure locks and windows. Physical security assessments could also involve consultants being escorted around the premises.

Browser exploitation is a client-side attack that attempts to discover and exploit vulnerabilities either in or through the web browser, not just the network perimeter and client system. This is a technique often used by Advanced Persistent Threat (APT) groups and can provide a foothold for further attacks. Our assessment can consider multiple web browsers and use them as a base for instigating command modules and advanced attacks against the system from within the browser context.

Our consultants assess the internal or external infrastructure and attempt to identify and exploit vulnerabilities within the agreed scope. We will attempt to discover vulnerabilities such as weaknesses caused by misconfiguration, and unpatched firmware or software, using a mixture of automated software, manual analysis and our wealth of experience in this area.

Our experts will gather information from public sources, as well as from both passive and active scanning of the infrastructure.

Our expert consultants assess the application and attempt to identify and exploit vulnerabilities within the agreed scope. This is a largely manual assessment although some automated tools may be used.

A vulnerability in an application may lead to other elements of the environment being included in the assessment. Typically, the requirement would be to determine the full extent of access or penetration and so the scope would be far wider than the single application.

Consultants assess the security of the Wi-Fi network, looking to confirm the use of a suitable encryption scheme. Where a pre-shared key is used, the strength of this would be assessed.

Among other things, we consider network segregation, access to other networks, and applications available through the Wi-Fi network. We would also look at spoofing (otherwise known as the evil twin attack), creating an access point with the same SSID as the network to trick users.

Social engineering involves hackers manipulating people from within an organisation into carrying out damaging actions or divulging valuable information.

Our CREST-accredited team have spent more than 23 years protecting businesses like yours from this kind of threat, which includes everything from phishing to social media information leakage. Our experts provide a bespoke range of real-world social engineering services to highlight issues, provide vital metrics and identify weak spots that could be exploited.