Security Audit & Pentest

Perform a detailed security assessment of computers, networks and network services.

Approaches and goals:

  • Investigate network and application layers
  • Spot design and implementation flaws
  • Spot network and operating system misconfigurations
  • Execution: Local or remote, blackbox or graybox
  • Check for existing operational security (OPSEC)
  • Check for OWASP Application Security Risks
  • Match w/ publicly known vulnerabilities
  • Attack classes and methods:

  • Brute force, pass-the-hash and cracking
  • Local/Remote File Inclusion (LFI/RFI)
  • Server-Side JavaScript (SSJS)
  • Cross-Site Scripting (XSS)
  • SQL-Injection (SQLi)
  • Privilege Escalation (PRIVESC/PE)
  • Pivoting, Man-in-the-Middle (MitM)