Penetration Testing Toronto
As Ethical hackers we engage in sanctioned hacking with permission from system owners. We provide Penetration testing and Security consulting for companies in Toronto Ontario and remotely anywhere in North America by hacking the system just like hacker would do but for benign purpose. We take on the role and use the mind-set and skills of an attacker to simulate a malicious attack. We understand both sides the good and the bad and we use this knowledge to help our clients to secure their systems.
We must have explicit permission in writing from the company being tested prior to starting any activity. Legally, the persons who must approve this activity must be the owner of the company or their authorized representative. If the scope changes, we must update the contract to reflect these changes before performing new tasks.
Call us at 1-888-638-1233 for FREE assesment
Our typical hacking process for black box pen tests includes but not limited to
- Footprinting
- Scanning
- Enumeration
- System hacking
- Escalation of privilege
- We will use the exact same strategies as a malicious attacker.
- We will clearly define the rules of engagement prior to beginning the assigned job.
- We will never reveal any information pertaining to our clients to anyone but the client.
- If the client requests penetration tests stopped, we will do so immediately.
- We will provide a detailed report on our findings at the end of testing.
- We will work with the client to address all security issues related to our findings.
Please consider the following questions prior to requesting our help with pen tests
Why do you need pen test
What will be the constrains or rules of engagement for the tests
What data and services will be included as part of the test
Who is the data owner
Who will be the emergency contact
What condition will determine the success of the test
Will test be performed as Black, White or Gray hat
Will internal users be notified
When will the tests be performed
What action will be allowed as part of the test
What resources will be made available
What are the expected cost
What is the budget
What will be done with the results when presented
What results are expected at conclusion of the test
Types of pen tests:
- External pen testing simulate attacks from outside the network to evaluate perimeter defenses like firewalls.
- Internal pen testing mimic attacks originating from within the network to test internal controls and employee awareness.
- Wireless pen testing target WI-FI networks to uncover vulnerabilities in wireless security.
- Web application pen tests focus on application exposed to the internet, testing for vulnerabilities in web forms, logins, and back-end databases.
When audit conducted properly and ethically, it is a legal and valuable service that can help organizations improve their security posture. However, there are important ethical and legal considerations that pen testers must follow to avoid overstepping their authority or breaking the law. During penetrtion testing TEKYHOST will make sure that all nessesary stepas are take to make sure that pen test stays within brackets of the law and no informaiotn privacy laws are broken.
Our Testing process
Pre-Test Activities
- What operating systems are running on the servers and workstations?
- Identify critical applications.
- List any suspected or confirmed security breaches or issues in the last 12 months.
- Identify any regulatory issues that are applicable to this company.
- Does company requere physical penetration testing?
- Should the servers only be tested in off hours?
- If there have been previous security audits, penetration tests, or vulnerability scans, we will want to see those.
- If there have been previous incident reports, we will want to see those as well.
- We will verify client has completed full backups prior to penetration testing.
Note: Before TEKYHOST begins any penetration test, we need to make certain we have written authorization from someone in the company who has the authority to authorize the penetration test.
External scan:
For External portion of the penetration testing TEKYHOST consultant don’t need to be onsite. This test can be performed remotely.
Passive Scanning:
The main objective of passive scanning is to Learn technology the company uses and research for vulnerabilities that can be used in later tests.
Example of the Sites that will be researched to gather information:
Linkedin
Twitter
Facebook
Maltego
Active Scanning:
During active scanning phase of external scanning the following steps will take place:
- TEKYHOST will begin actively scanning the public facing portions of the target network.
- Nmap or other similar tools will be used to scan the gateway router and the web server.
- Note any open services and ports.
- If the company uses Wi-Fi, attempt to connect to the WAP using default passwords.
- TEKYHOST will run external vulnerability scans using automated tools.
- TEKYHOST will run at least two different scanners on the web server. Vega and OWASP ZAP
- We will utilize Metasploit scans. SSL, anonymous FTP, SQL Server, and other scans.
- TEKYHOST will run these on any public facing device to determine if any services are exposed to the outside world.
Actual Breaching:
During this phase TEKYHOST will try breaching each of the external facing interfaces.
- We will take each vulnerability we have discovered and attempt to breach them with multiple techniques.
- Assume the server is vulnerable to SQL Injection. We will then attempt to manually use SQL Injection with tools such as Burp Suite.
- We will do manual and semi-automated attacks on all identified vulnerabilities.
- In addition to other attempts to breach, we will use appropriate Metasploit attack.
- When we identify vulnerabilities, we will use the vulnerability to seek out Metasploit modules. We will then use those modules on the target.
- TEKYHOST will always try default passwords on all public interfaces.
- TEKYHOST will use several password cracking tools on all public interfaces.
Note: Depending on the nature of the test and rules of engagement, we may also use this phase to send phishing emails to a portion of the employees.
Internal:
This part of penetration test is done from inside the network.
There are two reasons for internal testing:
- Some vulnerabilities can only be found from inside the network.
- One must always be concerned with insider threats.
Tools used: Nessus, Metasploit, CyberCNS and others.
As per the rules of engagement, TEKYHOST will attempt to breach each of the servers, as well as 10% of the workstations (based upon agreement). Try to access shares, try password cracking, attempt to breach any known vulnerabilities.
We will test based on standards indicated prior to penetration test. For example, PCI DSS requires all external communication of credit card data to be encrypted. I this case TEKYHOST will test all internal and external data communication.
Additional ITEMS upon approval(optional):
- Send employees anonymous phishing email that will do something harmless such as redirecting them to a page admonishing them not to click on links, or a harmless malware attachment that just has a voice or popup telling them not to download attachments.
- Attempt social engineering via phone or in person.
Included complete vulnerability scan.
Company’s IT Policies review:
Below you will find few examples of policies that we will review.
- Password policies
- Lockout policy
- Minimum requirements
- How often passwords are changed.
- Are there any unauthorized devices or software anywhere on the network?
- Are there still accounts active for employees no longer with the organization?
Vulnerability Report and Documentation
Accurate documentation of identified vulnerabilities is essential for effective communication with our customers and the development of remediation strategies . TEKYHOST will document vulnerabilities in a clear and concise manner , providing sufficient details to support remediation efforts . Key information will be included in vulnerability documentation includes :
- Vulnerability Description : A concise summary of the vulnerability , explaining its nature , potential impact , and how it can be exploited.
- Vulnerability Scoring : Assigning scores to vulnerabilities based on industry – standard metrics like the CVSS . This helps stakeholders understand the severity and prioritize remediation efforts . •
- Technical Details : Detailed technical information about the vulnerability , including affected components , software versions , and configurations .
- Proof – of – Concept ( POC ) : Whenever possible , including a PoC to demonstrate the vulnerability’s exploitation potential . This helps stakeholders understand the real – world impact of the vulnerability .
- Recommendations : Providing actionable recommendations for remediating the vulnerability . This may include patching , configuration changes , or other mitigation techniques.
- References : Citing relevant sources , such as vulnerability databases , security advisories , or research papers , to support the documentation and provide additional context .
Best Practices for Vulnerability Remediation
Here are some best practices for vulnerability remediation
Patch Management: Regularly apply security patches and updates provided by the operating system vendor. Keeping systems up to date helps mitigate known vulnerabilities and ensures that critical security fixes are implemented.
Secure Configuration: Configure operating systems following security best practices and hardening guidelines. Disable unnecessary services, enable strong authentication mechanisms and enforce access controls to minimize the attack surface.
User Privileges: Follow the principle of least privilege by granting users only the necessary permissions to perform their tasks. Restrict administrative privileges to minimize the potential impact of a successful exploit.
Intrusion Detection and Prevention Systems: Deploy intrusion detection and prevention systems to monitor network traffic and detect malicious activities or exploit attempts. These systems can provide alerts or block malicious activities in real- time.
Vulnerability Scanning and Penetration Testing: Regularly conduct vulnerability scanning and penetration testing to identify and address potential vulnerabilities. This proactive approach helps identify and remediate weaknesses before they can be exploited by attackers.
Security Awareness Training: Educate users and administrators about secure practices, social engineering techniques, and the risks associated with operating system vulnerabilities. Increased awareness and vigilance can help prevent successful exploitation.