Offensive Security
Penetration Testing
Simulated real-world attacks against your networks, applications, and infrastructure to identify exploitable vulnerabilities before adversaries do.
External Penetration Testing
- Vulnerability scanning and manual exploitation
- Open source intelligence gathering (OSINT)
- Username and account enumeration
- Breached credential intelligence gathering
- Service, port, and website enumeration
- Attacking login portals (Website, O365, VPN, etc.)
- Multi-Factor Authentication (MFA) bypassing
- Enumerating third parties for data leaks (S3 Buckets, GitHub, etc.)
- Other testing depending on specific customer content and footprint
Internal Penetration Testing
- Vulnerability scanning, service enumeration and manual exploitation
- Active Directory security testing
- Shared resource enumeration
- Password and pass-the-hash attacks
- Pivoting attacks
- Ticket attacks, such as silver tickets and golden tickets
- Man-in-the-middle attacks (LLMNR/NBT-NS poisoning, SMB relaying, LDAP relaying, IPv6 relaying, etc.)
- Password hash cracking
- Kerberoasting attacks
- Other testing depending on specific customer content and footprint