ASSESSMENT & TESTING

Penetration Testing

Carefully and systematically playing the role of a determined hacker, Breadcrumb exposes your organization to real-world hacking scenarios.

SERVICE OVERVIEW

A Penetration Test provides your organization with a unique bird's-eye view of the effectiveness of your security posture. Newer companies may not yet have a handle on their network security. Conversely, more mature companies often have large, multi-faceted networks with easily overlooked elements – particularly as more organizations move to cloud-based systems. Both of these scenarios leave the potential for catastrophic breaches.

During Penetration Testing, Breadcrumb engineers will carefully and systematically play the role of a determined hacker. Simulating sophisticated real-world attack strategies, they leverage actual hacking tools and industry-leading frameworks to identify and exploit configuration deficiencies.

"Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time." - Cybersecurity Ventures

Assessment Categories

Active Directory Assessment
Internal Penetration Testing
Website Security Testing
External Penetration Testing
Web Application Testing
Mobile Application Testing
Cloud Security Assessments
Office 365 Security Assessment
Social Engineering
Wireless Assessments

The Process

1. Network Scope

Effective communication with your organization is emphasized to create an operating environment that is comfortable for both parties. Variables such as IT assets, IP scopes, engagement timelines, and rules of engagement will be discussed.

2. Information Gathering

Employing numerous reconnaissance strategies, Breadcrumb engineers will collect as much information as possible on the Client’s organization. The harvested information will allow Breadcrumb engineers to assess potential risk, exploitability likelihood, and ultimately guide the decision on the chosen attack vector.

3. Enumeration and Scanning

Utilizing a variety of automated tools, scripts, and other methods of advanced information gathering, Breadcrumb engineers will enumerate and validate attack surfaces.

4. Attack & Penetration

After careful and intentional preparation, the engagement focus turns to the exploitation of isolated vulnerabilities. Breadcrumb engineers will otherwise attempt to prove the existence of conceptual attack vectors while preserving the integrity of the network.

Report Deliverables

  • Engagement Overview

This section will highlight the premise of the scope, the services being performed, key objectives, and deliverables. This content is useful for regulators, insurance companies, and key customers seeking clarity on your security assessment practices.

  • Executive Summary

This section is intended for executive personnel and, in plain terms, outlines the overall risk for the organization. It will detail: 1) Summary of Strengths, 2) Summary of Weaknesses, and 3) Strategic Recommendations.

  • Recommendations / Quick Wins

Understanding that security assessment reports can be overwhelming to start with, this section outlines practical and tactical steps to make immediate and measurable improvements to the security posture of the organization.

  • Summary of Findings

This section breaks down each control category and presents key findings and recommendations associated with each category. This section is highly technical and is intended for senior technical personnel.

  • Penetration Testing Results

This section provides a detailed breakdown of penetration testing steps, how vectors were exploited, and what data was stolen, all accompanied by screenshots and proof of access.

  • Supporting Documentation

This section provides a breakdown of all associated and relevant attachments, including but not limited to vulnerability result exports, developed malware, WiFi exploitation results, solved passwords, intercepted clear-text traffic, and more.

“The team at Breadcrumb demonstrated their ability in detecting cyber threats – improving the security of our organization.”
— Jim Ronyak, Dr. Director of Technology | Mercatus Center at GMU