Penetration Testing

Penetration testing (pen-test) is an authorized, simulated cyber-attack against a company’s assets. The purpose of a pen-test is to evaluate the comprehensive security of a system by identifying opportunities for unauthorized access and demonstrating the impact of exploitation. The primary goal of a pen-test is a list of remediations/countermeasures to reduce security risk to the system.

AlphaONE provides white/black/gray box penetration testing in addition to red/blue/purple team engagements.

Internal Network

Focuses on determining the potential business impact of a security breach and validating the level of effort required for an attacker to overcome your security infrastructure. After access is gained, AlphaONE identifies configuration issues and vulnerabilities that can be exploited. Using that information, AlphaONE attempts to complete several objectives that are designed to replicate common attack vectors.

External Network

Consists of enumerating and verifying vulnerabilities that could be exploited by external attackers to gain unauthorized access to your systems. AlphaONE’s team plays the role of an external attacker, attempting to exploit vulnerable systems to obtain confidential information or compromise network perimeter defenses.

Wireless Network

Wireless technology is now a daily part of life, for both business and personal use. At AlphaONE we want to find the gaps in the security of your wireless technology before an attacker does. We offer advanced wireless network penetration testing, which emulates an attacker trying to gain access to the internal network through the wireless network. It also includes some elements of an audit, ensuring your wireless network is in line with industry standards.

Web Application & API

Focuses on evaluating the security of a web application by using aspects of the Penetration Testing Execution Standard (PTES) and the OWASP standard testing checklist, and involves an active analysis of the application for any weaknesses, technical flaws or other vulnerabilities.

Mobile Application

A mobile application penetration test emulates an attack specifically targeting a custom mobile application (iOS and/or Android) and aims to enumerate all vulnerabilities within an app, ranging from binary compile issues and improper sensitive data storage to more traditional application-based issues such as username enumeration or injection.

Physical Security

This type of testing, also known as physical intrusion testing, attempts to compromise perimeter security, intrusion alarms, motion detectors, locks, sensors, cameras, mantraps and other physical barriers to gain unauthorized physical access to sensitive areas.

Electronic Social Engineering

Our Social Engineering Penetration Test begins with an Open Source Intelligence (OSINT) investigation. Your company and high-value internal personnel are the focus of the investigation. We collect data from publicly available sources, such as social media platforms and interest and hobby sites, as well as public records and various online databases. Our goal is to find information that would enable an attacker to perform targeted attacks against your employees. This may result in information that could give an attacker access to your facilities, accounts, or other sensitive information.

Using this information, we tailor attacks known as “spear phishing” and “spear vishing” specific to chosen individuals. The goal is to show how an attacker can start with freely available online information and leverage that into possible personnel or data compromise within an organization.

Red Teaming

Red teams simulate real-world attacks that focus on the effectiveness of an entire information security program, utilizing the same tools, tactics and techniques that attackers would likely employ. The goal is different in that it adds focus to people and process, not just a particular sub-system within your tech stack.