Penetration Testing

A synopsis of some of our security testing services

Most organizations fail to realize that both the threats and vulnerabilities they face are dynamic. Security is not an attainable static state, but an ongoing practice – constant diligence is required. Penetration testing can be the security review an organization needs to see how to keep their infrastructure updated and ready.

Being involved in the Information Security industry we incorporate this knowledge into our testing methodology when working with clients. We specialize in techniques and approaches to effectively assess the security of an organization and implement defenses.

Security is a process. Identifying and exploiting vulnerabilities in systems is only one step. Our approach includes various methods and techniques that make our services unique.

When a system is compromised using an exploit, some may believe that they have “won” and the testing is over. We believe that this is simply the beginning of true testing. When a system is compromised it is important to explore the capabilities this would give an attacker in order to best document and understand risk.

Don’t see what you’re looking for? Contact us here!




Data collection for a comprehensive test

Gathering information is the most important step in an assessment. We are leaders in the specific areas of document metadata collection. Using custom tools developed at BHIS, testers determine your organization’s Internet footprint and attack surface, gather a list of employee contacts, and determine if employee email addresses are present in databases resulting from third-party data breaches.


Helping you develop new and effective ways to identify, assess and remove attackers

Attackers achieve results through persistence. Not only do they want to gain access to your systems, they want to remain hidden. They focus on bypassing Anti-Virus technologies, and may even use your own remote management technologies to control your network, flying under the radar of most IDS/IPS/SIM/AV technologies.

We have extensive experience modeling and executing attacks on different types of environments, so we understand how the modern attacker thinks and reacts. We want to help you develop new and effective ways that are forensically sound so that you can identify what the attackers are looking for, what they have gotten, and then how to remove them.



We can help you meet all the standards
BHIS is well versed in helping companies be compliant in a number of different compliance standards:
  • NIST
  • ISO 27001
  • DoD/IC Standards
  • Critical Controls 
We have a different approach to these standards, we not only review your documentation, we also run through a series of technical tests to evaluate exactly how you are (or not) in compliance. Our technical hybrid approach allows us to provide our customers with a far more accurate scorecard for comprehensive gap analysis. Not only will we help you get compliant, conduct annual reviews of your security, and make sure your risk is at the specified acceptable level in a cost-effective, timely manner. 


We review the internal network infrastructure
During this assessment we look for security issues resulting from the configuration. Additionally, we assess the firewall configurations that are in place to help find potential vulnerabilities.


How well can you deter an invader?

During a C2 assessment, we will investigate your organization’s ability to detect and prevent various malware, block incoming malware that is sent via email, and prevent sensitive data from leaving your company’s network.  This item is meant to highlight the “unknown unknowns”.  The purpose is to test your ability to detect and alert on the activities an attacker or malicious insider might perform.



Mimicking the activities an attacker or malicious insider might perform

Starting as a least privileged user we attempt to gain access to other systems, identify sensitive information, escalate privileges on the network, and pivot to other areas of the network using a local system with only normal user credentials provided by you. The level of access used as a starting point simulates what an attacker may have gained through a successful phishing email campaign or by imitating an employee or contractor. This item is meant to highlight the “unknown unknowns” and assist your company with understanding what can happen and how ultimately allowing you to raise the bar on your internal security.




How vulnerable is your internal network?

During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes, review the discovered vulnerabilities.  We include ones marked as “Low” or “Informational”, as well as manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.



How vulnerable is your public facing system?

In an External Penetration test, we perform a vulnerability scan of your company’s externally facing (public) systems, manually verify issues, and exploit issues.

Bear Trap


Using our proprietary software to detect threats


Using a combination of open source and proprietary software developed by BHIS, the team performs an in-depth analysis of traffic that is collected over at least a 24-hour period. The analysis uses state-of-the-art methods to highlight behaviors associated with potential indicators of compromise and point to systems that should be investigated further.


How vulnerable are your mobile applications

Mobile Application Assessment – During this stage of the test we investigate the security surrounding mobile applications that are used by the business and customers. The investigation would include assessing application-level vulnerabilities, as well as issues dealing with API calls made to your servers.

In a Wireless Penetration test, we map your company’s wireless footprint, attempt to find rogue access points, and assess the overall security of the wireless systems that are in place.


We perform an in-depth assessment of web applications in order to discover vulnerabilities caused by programming errors, configuration weaknesses, or faulty assumptions about user behavior. Both manual inspection and automated scanning tools are used to identify vulnerabilities.
gold panning


Our process is more than just getting the gold

When a system is compromised using an exploit, some may believe that they have “won” and the testing is over. We believe that this is simply the beginning of true testing. When a system is compromised it is important to explore the capabilities this would give an attacker in order to best document and understand risk.


The single most important part of our process

A key part of a company’s security architecture is the people that drive the technology. We provide custom training specialized to meet the needs of your organization. Our clients can attest to the advantages of training with our top-rated instructors, all of whom have trained hundreds of security professionals through the SANS Institute. Allow us to come and help you develop your company specific training.