Security Audit & Pentest

Perform a detailed security assessment of IT infrastructure.


Approaches and goals:

Investigate network and application layers
Spot design and implementation flaws
Spot network and operating system misconfigurations
Execution: Local or remote, blackbox or graybox
Check for existing operational security (OPSEC)
OWASP Web Application Security Testing (WSTG)
Match w/ publicly known vulnerabilities


Attack classes and methods:

Brute force, pass-the-hash and cracking
Remote Code Execution (RCE)
Local/Remote File Inclusion (LFI/RFI)
Cross-Site Request Forgery / Scripting (CSRF/XSS)
Database Injection (e.g. SQLi)
Privilege Escalation (LPE/PX)
Pivoting/Proxying, Man-in-the-Middle (MitM)
Manual Vulnerability Exploitation and Verification