Black Hills Information Security Penetration Testing Services and Security Testing Services

Penetration Testing

A synopsis of some of our security testing services

The threats and vulnerabilities your organization faces in the cyber realm are highly dynamic. Security is not an attainable static state, but a continuous practice requiring constant effort and vigilance. Our penetration testing is designed to identify and focus an organization on key points of leverage to create the largest impact on security with the least cost and effort.

Don’t see what you’re looking for? Contact us here!

EXTERNAL NETWORK PENETRATION TEST
INTERNAL NETWORK PENETRATION TEST

How vulnerable is your internal network?

During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes, review the discovered vulnerabilities. We include ones marked as “Low” or “Informational”, as well as manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.
PIVOT (ASSUMED COMPROMISE) TEST

Mimicking the activities an attacker or malicious insider might perform

Starting as a least privileged user we attempt to gain access to other systems, identify sensitive information, escalate privileges on the network, and pivot to other areas of the network using a local system with only normal user credentials provided by you. The level of access used as a starting point simulates what an attacker may have gained through a successful phishing email campaign or by imitating an employee or contractor. This item is meant to highlight the “unknown unknowns” and assist your company with understanding what can happen and how ultimately allowing you to raise the bar on your internal security.
WEB APPLICATION PENETRATION TEST
COMMAND AND CONTROL & DATA EXFILTRATION ASSESSMENT

How well can you deter an invader?

During a C2 assessment, we will investigate your organization’s ability to detect and prevent various malware, block incoming malware that is sent via email, and prevent sensitive data from leaving your company’s network. This item is meant to highlight the “unknown unknowns”. The purpose is to test your ability to detect and alert on the activities an attacker or malicious insider might perform.
RED TEAM

In a red team engagement, testers attempt to effectively model a threat actor. Since red team engagements test the capabilities of people in addition to technology, the customer organization often only has two or three people aware of a red team at any given time. Since testers attempt to fly under the radar of target security teams, red team engagements tend to take more time and effort. Red team engagements require attacks crafted for each particular engagement. Thus, we only recommend red team engagements for organizations who have had regular vulnerability assessments and penetration tests in the past.
MOBILE APPLICATION ASSESSMENT

How vulnerable are your mobile applications

Mobile Application Assessment – During this stage of the test we investigate the security surrounding mobile applications that are used by the business and customers. The investigation would include assessing application-level vulnerabilities, as well as issues dealing with API calls made to your servers.
WIRELESS APPLICATION

A BHIS penetration test will tell you not only what we found but how we found it. This approach is the key to lasting improvement. It addresses your tools and technology but more importantly, it improves the capabilities and understanding of your people. Knowledge transfer enables your team to adapt with the ever-changing threat landscape, creating a methodology not just a “fix.”

DEPLOYMENT OF AI-HUNTER

Suspect or wonder if you might be compromised already? Black Hills Information Security and Active Countermeasures believe that it is worthwhile to assume you have already suffered a compromise. Using that assumption, start hunting for attackers who have successfully flown under the radar.

Hunt Teaming with AI-Hunter is an activity where we search for attackers who successfully use evasion techniques to bypass traditional detection methods. Our proprietary technology allows us to skip system forensics and look for network behavior that indicates possible command and control channels.

Attackers are getting smarter every day, many have discovered evasion techniques that bypass traditional detection methods. Your network could already be compromised and waiting for the attacker to take action exposes your business to risk.

Black Hills Information Security (BHIS) and Active Countermeasures will help you avoid this risk by hunting for attackers that have successfully flown under your radar and shutting them down.

We do this by deploying a multi-pronged approach combining BHIS Hunt Teaming experts and our proprietary AI-HunterTM technology. We go beyond system forensics and look for network behavior that indicates possible command and control channels which exposes compromises and allows for remediation.