Providing high-quality offensive and defensive security services since 2006

Advanced

Penetration testing

Penetration testing services enable organizations to identify vulnerabilities in their IT infrastructure before they are exploited by real-world threats.

Netragard’s penetration testing services are delivered in three primary configurations. These configurations enable Netragard to tailor services to each customer's unique requirements.

Our Penetration Testing Methodology

Real Time Dynamic Testing™

Real Time Dynamic Testing™ is an advanced penetration testing methodology that is unique to Netragard and derived from vulnerability research & exploit development practices.

The methodology is highly extensible and often incorporates components from OWASP, the OSSTMM, bleeding-edge offensive tactics, and more. Real Time Dynamic Testing™ can be delivered entirely without automated vulnerability scanning.

Our Penetration Testing Services

Strategic Reconnaissance is the process of collecting intelligence about a target for the purpose of creating or devising a plan of action. It runs for the duration of the engagement.  

Initially, it aims to passively collect detailed technical and non-technical information about a target by leveraging various Open Source Intelligence (“OSINT”) techniques and technologies.

External Penetration Testing is carried out from the perspective of an Internet-based threat attempting to breach the targeted infrastructure.

Tools are used to identify known vulnerabilities, while manual (research-driven) testing is used to identify more complex and/or novel vulnerabilities.

In addition, Netragard uses evasive techniques to avoid detection and maintain stealth while performing lateral movement. 

Internal Penetration Testing is carried out from the perspective of an Intranet-based threat attempting to compromise internal assets and elevate privileges to the highest level.   

Tools are used to identify known vulnerabilities, while manual (research-driven) testing is used to identify more complex and/or novel vulnerabilities.

Netragard’s Web Application Penetration Testing services combine Real Time Dynamic Testing™ with the OWASP WSTG v4.2. This combination allows Netragard to ensure in-depth OWASP coverage while using a human-driven, vulnerability research-based methodology to discover potentially novel vulnerabilities.

The tests can be non-authenticated (without username and password) or authenticated (with username and password).

Intrusion testing offers a means of identifying vulnerabilities within a particular environment. It is generally understood as a mechanism for providing an impression of how far a malicious user could penetrate into an organization within a certain time period, and whether the organization’s incident detection and response procedures are effective in detecting potential attacks.

However, intrusion testing does not generally offer a complete and comprehensive view of security weaknesses within any given system. Configuration reviews, also known as host-based assessments, offer this alternative.

During this type of exercise, Netragard works with a technical point of contact at the customer to identify a sample set of critical devices, and performs a system review to assess items such as configuration settings, rules, and policies, checking whether they comply with the company’s policies and/or generally accepted industry practices or best practices.

Netragard’s approach to Social Engineering (SE) is one of threat augmentation. 

We use SE not only to come close to, but to surpass, what real-world actors may attempt to do in order to penetrate a company.

Our approach is highly customized in that we try to understand the purpose of the SE and design an approach and a program to specifically target the critical areas of concern (e.g. potential SE attack on key company executives).

Netragard’s approach to Penetration Testing not only covers Technology, People and Processes, but it also covers Physical Security.

Because the impact of security as it relates to technology dominates the hearts and minds of most individuals, they often forget that attackers with access to a physical location can do as much damage as they could by breaching through technology.

The Netragard Physical Security Assessment can be a major component of your defense.

  • PCI (Payment Card Industry)
  • HIPAA
  • SOC 2

Netragard, your partner for performing Regulatory Compliance Penetration Tests.

Many of our customers look to and trust Netragard as a Partner to accompany them along their creation and development journey.

Projects such as testing of new and innovative Medical Devices or Advanced Technologies are a routine part of our core DNA, with a highly skilled group of testers.

Our Penetration Testing Methodology

Path To Compromise

The Path to Compromise is the path that an attacker takes to move laterally and/or vertically from an initial point of breach to areas where sensitive data can be accessed.

Understanding the Path to Compromise enables organizations to deploy effective post-breach defenses that detect and prevent active breaches from becoming damaging.