Advanced Penetration Testing

Advanced Penetration Testing Services

Advanced

Advanced Penetration Testing

Penetration testing services enable organizations to identify vulnerabilities in their IT infrastructure before they are exploited by real world threats.

Netragard’s penetration testing services are delivered in three primary configurations. These configurations enable Netragard to tailor services to each customers unique requirements.

Our Methodology

Real Time Dynamic Testing™

Real Time Dynamic Testing™ is an advanced penetration testing methodology that is unique to Netragard and derived from vulnerability research & exploit development practices.

The methodology is highly extensible and often incorporates components from the OWASP, the OSSTMM, bleeding edge offensive tactics, and more. Real Time Dynamic Testing™ can be delivered entirely without automated vulnerability scanning.

Cybersecurity Human Performance

Our Results

Path to Compromise

The Path to Compromise is the path that an attacker takes to move laterally and/or vertically from an initial point of breach to areas where sensitive data can be accessed.

Understanding the Path to Compromise enables organizations to deploy effective post-breach defenses that detect and prevent active breaches from becoming damaging.

Our Penetration Testing

Levels

Netragard offers an extensive range of professional services and a high degree of specialization. We serve both private and public companies.

Silver

A Silver Level Penetration Test is consistent with industry standard penetration testing services. The Silver Level relies on automated vulnerability scanning and manual testing to discover known vulnerabilities. ​

Gold

A Gold Level Penetration Test ensures maximum technical depth and coverage, provides deep technical testing for network connected devices and web applications using Netragard’s Real Time Dynamic Testing™ methodology. ​

Platinum

A Platinum Level Penetration Test provides Realistic Threat Penetration Testing™ including the use of RADON™ (safe malware developed by Netragard), distributed metastasis, advanced social engineering, and stealth testing.​

Our Penetration Testing

Specialties

We offer a range of penetration testing services to identify the threats and vulnerabilities your organization faces allowing you to focus on the remediations with the most impact to your threat profile.

External Penetration Testing is carried out from the perspective of an Internet-based threat attempting to breach the targeted Infrastructure.   

Tools are used to identify known vulnerabilities while manual (research driven) testing is used identify more complex and/or novel vulnerabilities.  

In addition, Netragard uses evasive techniques to avoid detection and maintain stealth while performing lateral movement. 

Internal Penetration Testing is carried out from the perspective of an Intranet-based threat attempting to compromise internal assets and elevate privileges to the highest level.   

Tools are used to identify known vulnerabilities while manual (research driven) testing is used identify more complex and/or novel vulnerabilities.

WiFi Penetration Testing is performed either through a Roamer appliance with WiFi capabilities (antenna and software) or physically on-site. During testing Netragard will attempt to discover and exploit both known and novel vulnerabilities in Wireless Access Points (AP), WiFi network communications between users and the AP, configurations, etc. Passive attacks will be deployed to gather intelligence about WiFi networks and active attacks will be used to exploit any vulnerabilities. Additionally, Netragard will make note of any non-Customer WiFi networks that are discovered.

Web Application Penetration Testing enables organizations to discover and remediate vulnerabilities in Web Applications and APIs.  This service incorporates the 1OWASP-WSTG as appropriate and ensure OWASP top 10 coverage at a minimum. 

Clients who provide mobile applications to their customers often require mobile application penetration testing.  This service uncovers vulnerabilities in apps and provides detailed methods for remediation.  Testing can be done against iOS and Android applications.   

Social Engineering enables organizations to test against attackers attempting to manipulate them through deception using ‘social’ entry points.  Social Engineering can be carried out through a variety of vectors, or entry points, that include phone calls, emails, social networking, in-person meetings, job applications, and more.  Vectors are selected based on client requirements and intelligence gathered during reconnaissance. 

Physical Security Assessments enable clients to identify and resolve vulnerabilities in their physical offices, warehouses, labs, and other areas.  This service aims to identify the ways that physical security can be bypassed for the purpose of making entry into an otherwise restricted area.  This service is ideal for datacenters, labs, banks, and other areas that require a high degree of physical security. 

- For More Information -

We Protect You From People Like Us.

Karen Huggins

Chief Financial, HR and Admin Officer
Karen joined the Netragard team in 2017 and oversees Netragard’s financial, human resources as well as administration functions. She also provides project management support to the operations and overall strategy of Netragard.
 
Prior to joining Netragard, she worked at RBC Investor Services Bank in Luxembourg in the role of Financial Advisor to the Global CIO of Investor Services, as well as several years managing the Financial Risk team to develop and implement new processes in line with regulatory requirements around their supplier services/cost and to minimize the residual risk to the organization.
 
With over 20 years of experience in finance with global organizations, she brings new perspective that will help the organization become more efficient as a team. She received her Bachelor of Finance from The Florida State University in the US and her Master of Business Administration at ESSEC Business School in Paris, France.

Philippe Caturegli

Chief Hacking Officer
Philippe has over 20 years of experience in information security. Prior to joining Netragard, Philippe was a Senior Manager within the Information & Technology Risk practice at Deloitte Luxembourg where he led a team in charge of Security & Privacy engagements.

Philippe has over 10 years of experience in the banking and financial sector that includes security assessment of large and complex infrastructures and penetration testing of data & voice networks, operating systems, middleware and web applications in Europe, US and Middle East.

Previously, Philippe held roles within the information system security department of a global pharmaceutical company in London. While working with a heterogeneous network of over 100,000 users across the world and strict regulatory requirements, Philippe gained hands-on experience with various security technologies (VPN, Network and Application Firewalls, IDS, IPS, Host Intrusion Prevention, etc.)

Philippe actively participates in the Information Security community. He has discovered and published several security vulnerabilities in leading products such as Cisco, Symantec and Hewlett-Packard.

He is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), PCI Qualified Security Assessors (PCI-QSA), OSSTMM Professional Security Analyst (OPSA), OSSTMM Professional Security Tester (OPST), Certified in Risk and Information Systems Control (CRISC)and Associate Member of the Business Continuity Institute (AMBCI).

Adriel Desautels

Chief Technology Officer
Adriel T. Desautels, has over 20 years of professional experience in information security. In 1998, Adriel founded Secure Network Operations, Inc. which was home to the SNOsoft Research Team. SNOsoft gained worldwide recognition for its vulnerability research work which played a pivotal role in helping to establish today’s best practices for responsible disclosure. While running SNOsoft, Adriel created the zeroday Exploit Acquisition Program (“EAP”), which was transferred to, and continued to operate under Netragard.
 
In 2006, Adriel founded Netragard on the premise of delivering high-quality Realistic Threat Penetration Testing services, known today as Red Teaming. Adriel continues to act as a primary architect behind Netragard’s services, created and manages Netragard’s 0-day Exploit Acquisition Program and continues to be an advocate for ethical 0-day research, use and sales.
 
Adriel is frequently interviewed as a subject matter expert by media outlets that include, Forbes, The Economist, Bloomberg, Ars Technica, Gizmodo, and The Register. Adriel is often an invited keynote or panelist at events such as Blackhat USA, InfoSec World, VICELAND Cyberwar, BSides, and NAW Billion Dollar CIO Roundtable.