SENSEI ENTERPRISES, INC.

Call Us at 703.359.0700 or Toll Free 877.978.3440

Click Here For Live Support Make A Payment
Cyber Incident Hotline
Call Us at 703.359.0700 or Toll Free 877.978.3440
  • Home
  • About
    • Corporate Officers
    • Sensei Gives Back
    • Certifications
    • Partnerships
    • Current Job Openings
    • The Adventures of Sensei’s Sherlock
  • Services
    • Managed Information Technology Services
    • Managed Cybersecurity Services
    • Digital Forensics
    • Free Technology and Cybersecurity Assessments
    • Ask the Tech Experts
    • Cloud Solutions
    • Mobile Phone Deleted Text Message Recovery
    • Cybersecurity Awareness Training
    • Cybersecurity Maturity Model Certification (CMMC)
    • DIGITAL DETOX
    • Client Testimonials
    • Why Choose Sensei?
  • News & Publications
    • All News & Publications
    • Sensei News
    • Articles
    • Podcasts
    • Publications
    • YouTube Videos
    • Ride the Lightning Blog
    • Your IT Consultant Blog
    • Digital Forensics Dispatch Blog
  • VADER ONLINE
    • About VADER ONLINE
    • VADER ONLINE FAQS/HOW TO VIDEOS
    • VADER ONLINE Webinars
  • Seminars
    • Upcoming Seminars
    • Archived Seminars
    • Our Most Popular Seminars
    • Speaker Michael Maschke
    • On-Demand CLEs
    • Book Sensei Speakers
  • FAQ
    • FAQ: Digital Forensics
    • FAQ: Managed Cybersecurity
    • FAQ: Managed Information Technology Services
  • Contact Us

Penetration Testing

Sensei recommends that all companies perform some form of a penetration test at least annually. This test is a security exercise in which a certified ethical hacker attempts to find and exploit vulnerabilities and weaknesses in defenses within a company’s information systems. The purpose of this simulated and controlled exercise is to identify any weaknesses in a company’s security defenses which attackers could use to gain access to the firm’s internal systems and information. If weaknesses are discovered, this test allows us to provide recommendations on how to remediate those weaknesses, making the company’s security stronger.

Types of tests that Sensei performs:

Physical Security Test – This test looks for flaws in the physical security practices of the target organization.  We attempt to gain access physical office space (rooms, buildings) or try to take sensitive equipment such as laptops, desktops, USB drives or recycling bins out of target facilities without being noticed or stopped.

Stolen Equipment Test – This test involves obtaining a piece of equipment, such as a laptop, from the target organization and then trying to extract data from it in a laboratory environment.

Cryptanalysis Attack – This test focuses on bypassing or breaking the encryption of data stored on a local device or network.

Product Security Test – This test looks for security flaws in software products, such as exploitable buffer overflow conditions, privilege escalation flaws and the exposure of unencrypted sensitive data.

Network Services Test – This is the most common form of testing that involves finding target systems on the network, looking for vulnerabilities in their underlying operating systems and network services, followed by attempting to exploit them remotely.

Client-Side Test – This test is designed to find vulnerabilities within and exploit client-side software, such as browsers, media players and document-editing programs.

Web-Application Test – This test looks for vulnerabilities in web-based applications deployed in the target environment.

Social Engineering Test – This test involves attempting to convince a user into revealing sensitive information, such as a username or password, or to convince a user to click on a suspicious link within an email message.  These tests are conducted over the phone or through email, targeting users and evaluating processes, procedures and user awareness.

Phases of Ethical Hacking

Reconnaissance – is the process of investigating the target organization to gather information about it from publicly available sources, such as domain registration services and websites. 

Scanning – is the process of finding openings in the target organization, such as internet gateways, available systems, listening ports and vulnerability lists.

Gaining Access – ethical hackers exploit target systems to compromise them, possibly getting control of them either to extract data from the target, or to use that device to then launch further attacks on other targets.

Maintaining Access – in this process, ethical hackers require taking steps to be persistently within the target environment in order to gather as much data as possible.

Covering Tracks – Hackers attempt to cover tracks by deleting logs and removing any trace of their activities from the host systems.  As an ethical hacker, it’s important to follow these same steps in order to see if a system can avoid detection and return to a state of non-recognition by the host network’s administrators.

Sensei’s Penetration Process

Preparation – During this part of the process, after the execution of a Non-Disclosure Agreement (NDA), we discuss the nature of the test with target personnel and sign off on permission and notice of danger of testing.  A Rules of Engagement is drafted and executed by all parties.

Testing – In this part of the process, the testing of the network is carried out.  Testing can take anywhere from a couple days to a few weeks.

Conclusion – At the conclusion of the testing, the results are analyzed and evaluated in preparation of drafting the report deliverable. The technical details and business implications are described in detail in a final report.  As findings are addressed, single issue retests could occur, or an entire comprehensive retest may happen.  Some engagements may conclude with a final wrap-up presentation.

Sensei’s Reporting Format

Executive Summary – This brief up-front material is meant for executives who may not read the full report, providing them with the most important conclusions from the work.

Introduction – This component describes the project at a high-level, answering the who, where, when, and why aspects of the project.

Methodology – This part of the report describes the “what” of the project.  What did the team do?  It covers the process of the penetration test or ethical hacking engagement.

Findings – This section presents the actual findings, listed one by one, in the target environment with detailed technical descriptions.  The findings are sorted so that the most significant risk issues are discussed and addressed first.

Conclusions and Future Considerations – This last section summarizes the project results and replicates the Executive Summary.  It may also include future considerations for items to test more comprehensively or to defend their information systems more effectively. We also provide a list of recommendations along with pricing in this section.

Appendices – The report appendices include lengthy outputs from the tools run during the execution of the engagement. This may contain screen shot elements, describing how a scan was performed and what output was gathered to prove existence of a vulnerability or exploit and how a hacker could potentially gain access to sensitive data.

Questions? Need Help?

Please contact Director of IT/ Senior Cybersecurity Consultant Jeff Fox at or at 703.359.0700.

How May We Help You?

    Your Name (required)

    Email Address (required)

    Service of Interest (required)

    Message (required)

    BOOK

    Cybersecurity

    • Services
    • Managed Cybersecurity Services
    • Cyber Incident Hotline
    • Managed Cybersecurity Services
    • Penetration Testing
    • Phishing Simulations
    • Ransomware
    • Incident Response
    • Policy & Procedure Review
    • Security & Network Auditing
    • Security Evaluation
    • Vulnerability Assessments
    • FAQ: Managed Cybersecurity



    Award Winning Cybersecurity and Electronic Evidence Blog by Sensei’s President



    Information Technology Blog by Sensei’s Vice President

     

    Digital Forensics Blog by Sensei’s Forensics Team


    Podcasts

    John+and+Sharon+Digital+Detectives   new+digital+edge+200
    Call us at 703.359.0700 or toll free 877.978.3440
    ccemsce mcitp ccnp cissp

    See all certifications »

    © 2021 SENSEI ENTERPRISES, INC. | 3975 UNIVERSITY DRIVE, SUITE 225, FAIRFAX, VA 22030 | LICENSED SECURITY SERVICES BUSINESS (DCJS# 11-6444)

    | Privacy Policy |