Security Audit and Pentest

Perform a detailled security assessment of computers and networks.

Approaches and goals:

  • Investigate network and application layers
  • Find design and implementation flaws
  • Find network and operating system misconfigurations
  • Local or remote, blackbox or graybox
  • Check for existing operational security (OPSEC)
  • Check for OWASP Application Security Risks
  • Match w/ publicly known vulnerabilities
  • Attack classes and methods:

  • Brute force, pass-the-hash and cracking
  • Local/Remote File Inclusion (LFI/RFI)
  • Server-Side JavaScript (SSJS)
  • Cross-Site Scripting (XSS)
  • SQL-Injection (SQLi)
  • Privilege Escalation (PRIVESC/PE)
  • Pivoting, Man-in-the-Middle (MitM)