Penetration Testing

A synopsis of some of our security testing services

Most organizations fail to realize that both the threats and vulnerabilities they face are dynamic. Security is not an attainable static state, but an ongoing practice – constant diligence is required. Penetration testing can be the security review an organization needs to see how to keep their infrastructure updated and ready.

Being involved in the Information Security industry, we incorporate this knowledge into our testing methodology when working with clients. We specialize in techniques and approaches to effectively assess the security of an organization and implement defenses.

Security is a process. Identifying and exploiting vulnerabilities in systems is only one step. Our approach includes various methods and techniques that make our services unique.

When a system is compromised using an exploit, some may believe that they have “won” and the testing is over. We believe that this is simply the beginning of true testing. When a system is compromised it is important to explore the capabilities this would give an attacker in order to best document and understand risk.

Don’t see what you’re looking for? Contact us here!



Data collection for a comprehensive test

Gathering information is the most important step in an assessment. We are leaders in the specific areas of document metadata collection. Using custom tools developed at BHIS as well as open source tools, testers determine your organization’s Internet footprint and attack surface, gather a list of employee contacts, and determine if employee email addresses are present in databases resulting from third-party data breaches.


How vulnerable is your public facing system?

In an External Penetration test, we perform a vulnerability scan of your company’s externally facing (public) systems, manually verify issues, and exploit issues.


How vulnerable is your internal network?

During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes, and review the discovered vulnerabilities, including ones marked as “Low” or “Informational”. We also manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.


How well can you deter an invader?

During a C2 assessment, we will investigate your organization’s ability to detect and prevent various malware, block incoming malware that is sent via email, and prevent sensitive data from leaving your company’s network.  This item is meant to highlight the “unknown unknowns”.  The purpose is to test your ability to detect and alert on the activities an attacker or malicious insider might perform.


Mimicking the activities an attacker or malicious insider might perform

Starting as a least privileged user, we attempt to gain access to other systems, identify sensitive information, escalate privileges on the network, and pivot to other areas of the network using a local system with only normal user credentials provided by you. The level of access used as a starting point simulates what an attacker may have gained through a successful phishing email campaign or by imitating an employee or contractor. This item is meant to highlight the “unknown unknowns” and assist your company with understanding what can happen and how, ultimately allowing you to raise the bar on your internal security.


We perform an in-depth assessment of web applications in order to discover vulnerabilities caused by programming errors, configuration weaknesses, or faulty assumptions about user behavior. Both manual inspection and automated scanning tools are used to identify vulnerabilities.


How vulnerable are your mobile applications?

Mobile Application Assessment – During this stage of the test we investigate the security surrounding mobile applications that are used by the business and customers. The investigation would include assessing application-level vulnerabilities, as well as issues dealing with API calls made to your servers.

In a Wireless Penetration test, we map your company’s wireless footprint, attempt to find rogue access points, and assess the overall security of the wireless systems that are in place.


What is a Red Team exercise and how is it different from a penetration test? One of the key differences between a Red Team engagement and a penetration test is the effective modeling of a threat actor; nation states will attack differently from organized crime, who will attack differently from a competitor. Because we have such a strong background in incident response, we have constant access to how various actors are currently attacking.

A Red Team engagement will often do some of the same activities as a penetration test in fundamentally different ways. For example, many penetration tests require sending phishing emails to hundreds of users. In a Red Team engagement, often the phishes are far more targeted and reduced in the total number sent.

Finally, it is very common for penetration tests to involve multiple members of the customer organization working in conjunction to support the overall activities of the testers.  In a Red Team engagement, the customer organization often only has two or three people aware of the test at any given time.  This is because we are not only testing the organization’s technical capabilities, but we are also testing the capabilities of the people behind the technology as well. 

It is also important to note that Red Team engagements tend to take a lot more time and effort so as to fly under the radar of target security teams.  Attacks become an art crafted for each engagement.  Because of this, we only recommend Red Team engagements for organizations who have had regular vulnerability assessments and penetration tests in the past.


Suspect or wonder if you might be compromised already? Black Hills Information Security and Active Countermeasures believe that it is worthwhile to assume you have already suffered a compromise. Using that assumption, start hunting for attackers who have successfully flown under the radar.

Hunt Teaming with AI-Hunter is an activity where we search for attackers who successfully use evasion techniques to bypass traditional detection methods. Our proprietary technology allows us to skip system forensics and look for network behavior that indicates possible command and control channels. 

Attackers are getting smarter every day; many have discovered evasion techniques that bypass traditional detection methods. Your network could already be compromised, and waiting for the attacker to take action exposes your business to risk.

Black Hills Information Security (BHIS) and Active Countermeasures will help you avoid this risk by hunting for attackers that have successfully flown under your radar and shutting them down.

We do this by deploying a multi-pronged approach combining BHIS Hunt Teaming experts and our proprietary AI-Hunter™ technology. We go beyond system forensics and look for network behavior that indicates possible command and control channels, which exposes compromises and allows for remediation.

Contact us for more information.