Security Audit & Pentest

Perform a detailed security assessment of computers, networks and network services.

Approaches and goals:

  • Investigate network and application layers
  • Spot design and implementation flaws
  • Spot network and operating system misconfigurations
  • Execution: Local or remote, blackbox or graybox
  • Check for existing operational security (OPSEC)
  • OWASP Web Application Security Testing (WSTG)
  • Match w/ publicly known vulnerabilities
    •

    Attack classes and methods:

  • Brute force, pass-the-hash and cracking
  • Remote Code Execution (RCE)
  • Local/Remote File Inclusion (LFI/RFI)
  • Cross-Site Request Forgery / Scripting (CSRF/XSS)
  • Database Injection (e.g. SQLi)
  • Privilege Escalation (LPE/PX)
  • Pivoting/Proxying, Man-in-the-Middle (MitM)
    •
  • Manual Vulnerability Exploitation and Verification