We are a diverse team of offensive security professionals who are meticulously following industry standard trainings as well as developing our own Deloitte methodologies, including commonly used penetration testing techniques, tools and risk management. Moreover, we have proven experience across various engagements, spanning different industries and sectors. Our dedicated penetration testing team is also known for its research and open source work in the cyber security community.

Our team holds numerous industry-recognized certifications, we present at security conferences, and regularly participate in Capture the Flag (CTF) competitions to further enhance our skills. These certifications come from industry standard certification authorities like Offensive Security, SANS, eLearn security, Pentester academy, etc.

We provide our services in 1 packaged offering or divide the focus of our testing attention across multiple years, still aiming to provide a comprehensive view on an organisation’s security posture from a penetration testing perspective.

Our ultimate goal when performing penetration tests is to provide our clients with a realistic view on potential vulnerabilities, by staying as close to the actual modus operandi of hackers. We want to perform tests that cover one or more stages in the cyber kill chain as to provide adequate assurance to our clients.

These stages can be broken down as follows:

1. Reconnaissance: This planning phase of the operation includes harvesting information (OSINT), selecting targets, etc.;
2. Weaponisation: During this preparation and staging phase we link exploits and backdoors into deliverable payloads. We also work on bypassing common detection tools and techniques when required;
3. Delivery: The operation is launched, a weaponised bundle is delivered to the victim via e-mail, website, USB, etc.;
4. Exploitation: The found vulnerabilities are exploited by the payload in order to execute code on the victim’s system;
5. Installation: The malware is installed on the asset, making sure a persistent backdoor is available;
6. Command and Control: A channel to the attacker is established to gain remote control over the compromised asset of the victim;
7. Actions on objectives: From the compromised position the attacker will fulfil their objectives by gaining access to the wanted data or achieve elevated privileges to maximise the impact.

We conduct testing in a structured and standardised manner. This means that our tests are performed to a consistently high standard, and reduces risk, while still allowing our professionals to be creative, and apply a wide range of tools and techniques to identify vulnerabilities.

Important to mention is that our advice transcends the typical technical nature of Ethical Hacks. Thanks to our multidisciplinary team we will add business insights to our advice, allowing our clients to better understand how these security issues might impact their business and/or operational activities.

Organisations need to conduct periodic Ethical Hacks to continuously assess weaknesses and vulnerabilities to prevent cyber attackers from potentially breaching defences. These Ethical Hacks include the following assessments:

Infrastructure security test

Perform a network-based security test that simulates a hacker attacking your IT infrastructure. This assessment includes vulnerability scanning associated with the risks of the systems in the internal or external network, followed up with manual verification and exploitation of identified issues.

Application security test

Perform an in-depth security assessment to discover vulnerabilities caused by programming errors, configuration weaknesses, or faulty assumptions about user behaviour of the web or mobile application. These tests can be performed with 3 different levels of transparency:

• Black Box: The testing team does not receive any application documentation except for a very light overview of the application purpose and does not get any credentials. This level of transparency emulates a threat actor that does not have any prior knowledge or access to the application;
• Grey Box: The testing team receives minimal information about the application but is provided with accounts with different access levels. This level of transparency emulates a threat actor that has gained access to the web application;
• White Box: The testing team receives access to the source code of the application and accounts with different access levels. The source code can be used to hunt for vulnerabilities in the source code and validate them on the web application when possible. This level of transparency emulates a threat actor that has gained access to the code of the application.

Wi-Fi security test

Simulation of an attack on the wireless network infrastructure of the organisation. In doing so, we will attempt to gain access to the internal network by exploiting potential vulnerabilities in the configuration and software of the access points.

Configuration review

In a System Configuration Review, the relevant security settings are analysed on an agreed upon IT infrastructure component, for example a web, application or database server or a firewall. The configuration is compared to best practices and industry standards.

Phishing simulation

A social engineering based test that simulates a hacker attacking the human element of your organisation. This involves testing how the employees respond to phishing e-mails that try to coax them into providing direct or indirect access to information or systems.

Red Team simulation

A red team engagement to mimic a real-world threat using tactics, techniques and procedures (TTPs) of a chosen threat actor. It can also be used to test the detect and alert capability of the blue team defending the organisation.

Physical security test

A physical security test that simulates a hacker gaining unauthorised access to your premises. This involves testing measures in place to prevent unauthorised access to the office buildings and or critical data centres.

Threat Hunting

During a Threat Hunting exercise we will proactively search for ongoing attacks and other suspicious activities in the organisation’s environment that have evaded detection by existing security solutions.