Penetration Testing

Penetration Testing

Real-world testing, without real-world consequences.


Penetration Testing

Penetration Testing

Real-world testing, without real-world consequences.

The best defense is a good offense, and preventing attacks often requires thinking like an attacker.

Having a local firm that specializes in cybersecurity was indispensable. Their findings and recommendations were insightful and practical. We look forward to an on-going security partnership with Breadcrumb.
— Barry Maas, President | Administrative Solutions, Inc

A network penetration test provides your organization with a unique birds-eye view of your security system’s effectiveness. Newer companies may not yet have a handle on their network security. Conversely, more mature companies often have large, multi-faceted networks with easily overlooked elements—particularly as more organizations move to cloud-based systems. Both of these scenarios leave the potential for catastrophic breaches.

Breadcrumb offers a holistic approach to measuring the cyber-risk within your organization. The fundamental premise of our penetration testing program seeks to understand and answer four core questions:

  • By what means could your organization be compromised by external malicious threats

  • Could a hacker be detected once inside your network

  • How fast could a hacker steal sensitive data once they have a foothold within your environment

  • How susceptible is your staff to targeted breach scenarios

All of these variables are evaluated within the context of people and process, not just technology. Given that technology alone is a small portion of any security program, correctly understanding how your employees, and their workflows, influence security exposures is critical to guarding against the loss of data - and protecting corporate reputation.

During the penetration test, Breadcrumb engineers will carefully and systematically play the role of a determined hacker.

Simulating sophisticated and targeted real-world attacks, actual hacking tools and industry-leading scanning, mapping, and analysis frameworks will be leveraged to identify and exploit configuration deficiencies. This premise of this exercise is to assess how far an intruder can penetrate corporate network(s) and expose sensitive data.

Typical Penetration Testing Strategies:

  • Business Email Compromise

  • Customer Malware Development

  • Data Inference, Metadata Harvesting

  • Help Desk Impersonation

  • Physical Walk-Ins

  • Social Engineering

  • Spoofed Phone Calls

  • Vendor Impersonation

  • Wire Fraud Simulation

  • Wireless Impersonation

Contact Us Today

Name *

Vulnerability Assessments

Vulnerability Assessments

You cannot prevent what you already allow.

Vulnerability Assessments

Vulnerability Assessments

You cannot prevent what you already allow.

A comprehensive vulnerability assessment is the foundation for understanding your organizational security posture.

What exactly is a vulnerability assessment? Through automated and manual discovery processes, Breadcrumb will evaluate your technology assets for known security vulnerabilities and weaknesses. Discovering these, and mitigating them, is a pivotal step in measuring your prevention efforts to date, and protecting your organization from breach moving forward.

Assessment Categories:

  • Vulnerability Assessment (automated assessment of IP connected assets for known vulnerabilities/CVEs)

  • Wireless Topology (man-in-the-middle susceptibility, rouge AP detection, end point de-authentication)

  • Active Directory Security (credential disclosure, account control, in-depth crypto-review of all AD passwords)

  • Malware/AV Defenses (signature evasion, DEP/ASLR exploitation, common hash detection)

  • Network Protocols (isolation of un-encrypted channels and unsecured network services)

  • Boundary Probing (external probing, IPS evasion, isolation of attack surfaces and unfiltered ports, VPN interrogation)

Assessment Phases:

  • Passive Reconnaissance - Breadcrumb engineers will attempt to passively locate key external reconnaissance details that represent the precursor to a targeted breach. A breach profile will be generated on the organization, outlining elements such as technical staff members, vendors, employee rosters and documents exposing internal sensitive data.

  • External Assessment - Your perimeter network is attacked every day, and even small external vulnerabilities can be damaging. External network penetration testing identifies vulnerabilities on infrastructure devices and servers accessible from the internet.

  • Internal Assessment - Breadcrumb engineers approach the local area network as an attacker would on the inside. We look for privileged company information and other sensitive assets. This involves incorporating a variety of tools, uncovering user credentials, and attempting to compromise both virtual and physical machines present in the network environment.

24 Hour Hack

The 24 Hour Hack
Are you ready for the unexpected?

24 Hour Hack

The 24 Hour Hack
Are you ready for the unexpected?

Is your company ready to withstand a cyber attack?

What would your staff do if they were suddenly being targeted?

How do you validate the technology you've already purchased?

Sometimes referred to as a cybersecurity FIRE DRILL, this unique type of testing offers organizations of all sizes the opportunity to undergo cost-effective, real-world breach scenarios.

What will we do?

At an undisclosed date and time, your organization will undergo 24 hours of systematic breach efforts. This type of testing is an excellent and cost-effective way to validate incident response preparedness, current prevention strategies, and the overall responsiveness of staff to targeted breach scenarios.

What do you get?

At the conclusion of the engagement, we will provide a report containing the following:

  • Explanation of reconnaissance efforts

  • Summary of externally discovered services

  • Summary listing of all attack strategies

  • Breakdown and explanation of successful attack strategies