Black Hills Information Security Penetration Testing Services and Security Testing Services

Penetration Testing

A synopsis of some of our security testing services

The threats and vulnerabilities your organization faces in the cyber realm are highly dynamic. Security is not an attainable static state, but a continuous practice requiring constant effort and vigilance. Our penetration testing is designed to identify and focus an organization on key points of leverage to create the largest impact on security with the least cost and effort.

Don’t see what you’re looking for? Contact us here!

EXTERNAL NETWORK PENETRATION TEST
INTERNAL NETWORK PENETRATION TEST

How vulnerable is your internal network?

During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases, and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes and review the discovered vulnerabilities. We include ones marked as “Low” or “Informational,” as well as manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.
CONTINUOUS PENETRATION TESTING (ANTISOC)

Newer from BHIS, our Continuous Penetration Testing, or ANTISOC^TM is just what it sounds like – a red team operations center. Based on customer and tester feedback, we created this offering to expand upon the traditional point-in-time penetration test.
ASSUMED COMPROMISED TEST

Mimicking the activities an attacker or malicious insider might perform.

Starting as a least-privileged user, we attempt to gain access to other systems, identify sensitive information, escalate privileges on the network, and pivot to other areas of the network using a local system with only normal user credentials provided by you. The level of access used as a starting point simulates what an attacker may have gained through a successful phishing email campaign or by imitating an employee or contractor. This item is meant to highlight the “unknown unknowns” and assist your company with understanding what can happen and how – ultimately allowing you to raise the bar on your internal security.
WEB APPLICATION PENETRATION TEST

We perform an in-depth assessment of web applications in order to discover vulnerabilities caused by programming errors, configuration weaknesses, or faulty assumptions about user behavior. Both manual inspection and automated scanning tools are used to identify vulnerabilities.
RED TEAM

In a red team engagement, testers attempt to effectively model a threat actor. Since red team engagements test the capabilities of people in addition to technology, the customer organization often only has two or three people aware of a red team at any given time. Since testers attempt to fly under the radar of target security teams, red team engagements tend to take more time and effort. Red team engagements require attacks crafted for each particular engagement. Thus, we only recommend red team engagements for organizations who have had regular vulnerability assessments and penetration tests in the past.
MOBILE APPLICATION ASSESSMENT

How vulnerable are your mobile applications?

During this stage of the test, we investigate the security surrounding mobile applications that are used by the business and customers. The investigation would include assessing application-level vulnerabilities, as well as issues dealing with API calls made to your servers.
WIRELESS PENETRATION TEST

A BHIS penetration test will tell you not only what we found but how we found it. This approach is the key to lasting improvement. It addresses your tools and technology and, most importantly, it improves the capabilities and understanding of your people. Knowledge transfer enables your team to adapt to the ever-changing threat landscape, creating a methodology, not just a “fix.”

At Black Hills, we approach AI from three angles. First, we test AI – when our clients deploy AI-powered platforms, we red team them against real adversarial attacks like prompt injection, model extraction, and data poisoning, grounded in OWASP, MITRE ATLAS, and NIST frameworks. We also use our existing application expertise to find flaws in the systems that run AI, and that is where many issues are currently found.

Second, we build with AI – we’ve developed our own agentic AI penetration testing platform that encodes decades of our team’s offensive methodology into autonomous agents that investigate, chain attacks, and validate findings at scale.

And third, we empower through AI – we’ve built an AI-positive culture where every tester has access to agentic AI tools and is encouraged to create their own skills that enhance their tradecraft, while we maintain strict controls to keep customer data safe. We don’t just talk about AI security – we attack it, build it, and live it.