Attacks from the inside
What you gain from this testing
How Pure Hacking tests
Given Pure Hacking’s vast experience in internal architecture and system security flaws, we have developed a testing methodology that covers:
Pure Hacking initially performs stealthy attacks designed to enumerate the systems and devices within the network. This includes using valid requests to strip sensitive information out of Windows systems such as lists of valid usernames and cracking weak passwords. These systems are then fingerprinted to identify security weaknesses in order to identify any “low hanging fruit”.
Attacks against the highest value targets with the most likely success rate are then designed and executed in order to compromise systems and devices throughout the environment. These attacks range from exploiting vulnerable machines, to capturing authentication credentials from network traffic, or hacking into database providing an interface through to the underlying operating system.
At this point, password hashes are dumped and cracked in order to perform privilege escalation to an administrative account. From here, hosts with domain administrative credentials are specifically targeted to obtain domain administrative rights. This provides access to all systems and applications, leading to confidential data within file servers and databases coming compromised.
We ensure each client is provided with a comprehensive testing scope, which is agreed upon by both parties prior to the penetration test commencing.
When conducting these types of penetration tests, remember that you are allowing a testing company to access your systems, customer data and sensitive company intelligence. In effect, you’re letting them into the inner workings of your operations.
Trust is fundamental so we recommend you do your homework and research the company’s reputation, track record and experience.
For a copy of our “Testing Internal Infrastructure” data sheet, please contact us .