Compromising machines in the infrastructure is the endgame of any sophisticated attacker.
Attacks on the infrastructure can result in:
- Personal Data Leaks
- Leak of Company Secrets (Corporate Espionage)
- Loss in revenue, from machine downtime or data corruption
What is it?
Penetration testing company infrastructure to find vulnerabilities and exploit them, while giving concrete remediation tactics.
Attacking either specific elements or the entire infrastructure
- Domain Controllers
- IoT devices
- Miscellaneous Shadow IT
Variations/Focuses of Infrastructure Penetration Tests:
- General Infrastructure
- Active Directory
How is it done?
- Starting broad, ending narrow
- Finding vulnerabilities and machines of interest
- Exploiting vulnerabilities
- Escalating privileges on exploited machines
- Pivoting from one machine to other important machines
Typical attack methods:
- Authentication related attacks like:
- Relay Attacks
- Pass the Hash
- Rogue authentication Servers
- Insecure Passwords
- Attacking common vulnerabilities in protocols/services/OS like:
- Eternal Blue
- Dirty COW
- and much, much more
What do we deliver?
A structured report detailing the found vulnerabilities and the recommended remediation strategies.
Get in touch with our expert
Kasper Brandt, Nordic Cyber Security Lead