ASSESSMENT & TESTING

Ransomware Recovery

Playing the role of a determined hacker, Breadcrumb will expose your organization to real-world attack scenarios.

------ SERVICE OVERVIEW

A Penetration Test provides your organization with a unique birds-eye view of the effectiveness of your security posture. Newer companies may not yet have a handle on their network security. Conversely, more mature companies often have large, multi-faceted networks with easily overlooked elements—particularly as more organizations move to cloud-based systems. Both of these scenarios leave the potential for catastrophic breaches.

During Penetration Testing, Breadcrumb engineers will carefully and systematically play the role of a determined hacker. Simulating sophisticated and real-world attacks, actual hacking tools and industry-leading frameworks will be leveraged to identify and exploit configuration deficiencies.

"Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time." - Cybersecurity Ventures

Assessment Options

Active Directory Assessment
Internal Penetration Testing
Website Security Testing
External Penetration Testing
Web Application Testing
Mobile Application Testing
Cloud Security Assessments
Office 365 Security Assessment
Social Engineering
Wireless Assessments

ASSESSMENT CATEGORIES

Active Directory Assessment
Website Security Testing
External Penetration Testing
Internal Penetration Testing
Web Application Testing
Mobile Application Testing
Office 365 Security Assessment
Cloud Security Assessments
Social Engineering
Wireless Assessments

THE PROCESS

1.
Network Scope


Effective communication with your organization is emphasized to create an operating environment that is comfortable for both parties. Variables such as IT assets, IP scopes, engagement timelines, and rules of engagement will be discussed.

2.
Information Gathering


Employing numerous reconnaissance strategies, Breadcrumb engineers will collect as much information as possible on the Customers organization. The harvested information will allow Breadcrumb engineers to assess potential risk, exploitability likelihood, and ultimately guide the decision on the chosen attack vector.


3.
Enumeration and Scanning

Utilizing a variety of automated tools, scripts, and other methods of advanced information gathering, Breadcrumb engineers will enumerate and validate attack surfaces.

4.
Attack & Penetration

After careful and intentional preparation, the engagement focus turns to the exploitation of isolated vulnerabilities. Breadcrumb engineers with otherwise attempt to prove the existence of conceptual attack vectors, while preserving the integrity of the network.

REPORTING DELIVERABLES

  • Engagement Overview
This section will highlight the premise of the scope, the services being performed, key objectives, and deliverables. This content is useful for regulators, insurance companies, and key-customers seeking clarity on your security assessment practices.
  • Executive Summary

This section is intended for executive personnel, and in plain terms, outlines the overall risk for the organization. It will detail: 1) Summary of Strengths, 2) Summary of Weaknesses, and 3) Strategic Recommendations.

  • Recommendations / Quick Wins
Understanding that security assessment reports can be overwhelming to start with, this section outlines practical and tactical steps to make immediate and measurable improvements to the security posture of the organization.
  • Summary of Findings
This section breaks down each control category and presents key findings and recommendations associated with each category. This section is highly technical and is intended for senior technical personnel.
  • Penetration Testing Results
Filler text **needs replacement***
  • Attachments
Filler text **needs replacement***
“…Breadcrumb’s local presence and deep understanding of the medical industry make them an ideal choice for our organization. I highly recommend Breadcrumb’s services and look forward to working with them in the future.”
— Gretta Petersen, Director of Operations Support Services