Network Pentesting

About

Your corporate or office network is where the majority of your key data is stored and/or accessed from. Gone are the days where it was safe to assume that strong perimeter defences were enough to prevent attacks. It’s now safest to assume that your network has or will be compromised, and to then understand what an attacker could achieve once they have access and so that you can put adequate protections in place.

How we can help

Pākiki have extensive experience carrying out security testing within a wide variety of environments. Whether they are:

We can help identify the vulnerabilities in the environment, and will provide detailed and practical remediation advice on how to fix them.

Methodology

The methodology will differ depending on the nature of your environment, and what the objectives of the test are. However, it would be common for a network test to include:

  1. Reconnaissance Understanding the network layout. How devices behave, what devices can be accessed from where the consultant is located.
  2. Software/version assessment Using automated tooling to profile the software in use, understanding if any of that software has known vulnerabilities.
  3. Carry out network-protocol attacks Carefully attempt to intercept traffic, or exploit weaknesses in protocols in use, in order to gain access to data, sessions or credentials.
  4. Target Objectives Attempt to achieve any set objectives (for example, gain access to Active Directory, a database, etc)

The particular objectives of the engagement will be discussed during a scoping call, along with any limitations, or systems which should be explicitly in or out of scope.

Get in touch

We’d love to hear about your environment, and how we can help improve your security posture.