Once an attacker has conducted the reconnaissance stage, simulated in our Corporate Internet Investigation, they move onto active attack methods. Information gathered in the earlier stage can be used to begin assessing external facing systems. This service will attempt to map your organisation’s internet facing systems which attackers may try to compromise. We will use publicly available exploitation, tooling and techniques as well as some in-house tooling. In short, we will try to get in using as many different means as possible.
We will then help identify potential vulnerabilities that may exist and in our final report discuss mitigations to reduce the attack surface. We will attempt to assess all external facing systems, but be aware that if systems are hosted by a third party permission must be obtained to assess those services. This will be checked with you at the time of starting the service.
This is not to be confused with a full penetration test. The aim of this vulnerability assessments is to identify vulnerabilities in external systems without spending long periods of time on assessments trying to find every possible exploitation vector.
Once your organisation has gone through our services we can recommend our IASME trusted supplier network to take on additional services such as a full penetration test. Our trusted suppliers have been subject to due diligence checks by the accreditation body appointed by the National Cyber Security Centre, the UK’s National Technical Authority who are apart of GCHQ. They are also certification bodies for Cyber Essentials and Cyber Essentials Plus.
Ready to grow your cyber resilience? Get in touch, we would love to help!
Tel: 0161 706 0940
Email: [email protected]