In a penetration test, a target application or service will be put through a wide range of test cases and vulnerability discovery methods, including network analysis, reverse engineering and sometimes fuzzing of custom protocols and API’s.
The goal of an penetration test is to uncover potential known and unknown weaknesses or bugs that can be used by an attacker to exploit the application or service.
HIGH- LEVEL EXECUTIVE SUMMARY REPORT
All services from Banshie provides a high-level executive summary report to ensure concrete and precise communication.
TECHNICAL FINDINGS AND DOCUMENTATION
All findings are reported, risk scored and documented so they can be reproduced at any time.
To ensure prioritization all assessments come with strategic recommendations.
At the end of the simulation the company will receive a full report containing an executive summary and details on the attack path taken by Banshie.
In addition to this the company will receive a full overview of the actions performed by Banshie mapped to the MITRE ATT&CK framework.
These mappings can be used as part of the MITRE ATT&CK Service or internally to map out and document areas of improvement against future threats.
Banshie will also provide a full description and thought process behind the attack and as well as key areas of improvement. The end deliverable will contain at least the following:
Attack narrative incl. dates and timestamps
Exploitable vulnerabilities found
Remediation and mitigation strategies
Indicators of Compromise for post-exercise analysis
Details on working and effective defenses
MITRE ATT&CK Mapping
Custom Proof of Concept code
Exercise walkthrough with blue team.
In an attack simulation the company will test their defenses and detection capabilities.
Banshie will perform a “closed book” test simulating a real threat attacking the organization.
Based on the assumed breach mentality we will simulate a real attacker based on real tools and technique to train the detection and response readiness.
We will use the techniques and tools used by real attackers to demonstrate exploitable vulnerabilities and strong defenses present in the current security posture.
This will give an overview of which areas to improve.
The engagement follows the Cyber Attack Life cycle. However the first part of the engagement is to get past the perimeter defenses which, in an assume breach is skipped entirely.
This is to make sure the focus is on the internal security posture.
Ready to get started?
Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.
Banshie has a wide skillset and many years of experience in penetration testing and exploit development and are standing by to help you