Black Hills Information Security Penetration Testing Services and Security Testing Services

Penetration Testing

A synopsis of some of our security testing services

The threats and vulnerabilities your organization faces in the cyber realm are highly dynamic. Security is not an attainable static state, but a continuous practice requiring constant effort and vigilance. Our penetration testing is designed to identify and focus an organization on key points of leverage to create the largest impact on security with the least cost and effort.

Don’t see what you’re looking for? Contact us here!

EXTERNAL NETWORK PENETRATION TEST
INTERNAL NETWORK PENETRATION TEST

How vulnerable is your internal network?

During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases, and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes and review the discovered vulnerabilities. We include ones marked as “Low” or “Informational,” as well as manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.
ASSUMED COMPROMISED TEST

Mimicking the activities an attacker or malicious insider might perform.

Starting as a least-privileged user, we attempt to gain access to other systems, identify sensitive information, escalate privileges on the network, and pivot to other areas of the network using a local system with only normal user credentials provided by you. The level of access used as a starting point simulates what an attacker may have gained through a successful phishing email campaign or by imitating an employee or contractor. This item is meant to highlight the “unknown unknowns” and assist your company with understanding what can happen and how – ultimately allowing you to raise the bar on your internal security.
WEB APPLICATION PENETRATION TEST

We perform an in-depth assessment of web applications in order to discover vulnerabilities caused by programming errors, configuration weaknesses, or faulty assumptions about user behavior. Both manual inspection and automated scanning tools are used to identify vulnerabilities.
RED TEAM

In a red team engagement, testers attempt to effectively model a threat actor. Since red team engagements test the capabilities of people in addition to technology, the customer organization often only has two or three people aware of a red team at any given time. Since testers attempt to fly under the radar of target security teams, red team engagements tend to take more time and effort. Red team engagements require attacks crafted for each particular engagement. Thus, we only recommend red team engagements for organizations who have had regular vulnerability assessments and penetration tests in the past.
MOBILE APPLICATION ASSESSMENT

How vulnerable are your mobile applications?

During this stage of the test, we investigate the security surrounding mobile applications that are used by the business and customers. The investigation would include assessing application-level vulnerabilities, as well as issues dealing with API calls made to your servers.
WIRELESS PENETRATION TEST

A BHIS penetration test will tell you not only what we found but how we found it. This approach is the key to lasting improvement. It addresses your tools and technology and, most importantly, it improves the capabilities and understanding of your people. Knowledge transfer enables your team to adapt to the ever-changing threat landscape, creating a methodology, not just a “fix.”

DEPLOYMENT OF AC-HUNTER

Suspect or wonder if you might be compromised already? Black Hills Information Security and Active Countermeasures believe that it is worthwhile to assume you have already suffered a compromise. Using that assumption, start hunting for attackers who have successfully flown under the radar.

Hunt Teaming with AC-Hunter is an activity where we search for attackers who successfully use evasion techniques to bypass traditional detection methods. Our proprietary technology allows us to skip system forensics and look for network behavior that indicates possible command and control channels.

Attackers are getting smarter every day, many have discovered evasion techniques that bypass traditional detection methods. Your network could already be compromised and waiting for the attacker to take action exposes your business to risk.

Black Hills Information Security (BHIS) and Active Countermeasures will help you avoid this risk by hunting for attackers that have successfully flown under your radar and shutting them down.

We do this by deploying a multi-pronged approach combining BHIS Hunt Teaming experts and our proprietary AC-HunterTM technology. We go beyond system forensics and look for network behavior that indicates possible command and control channels which exposes compromises and allows for remediation.