Our Partners

Our Partners

Home | About Us | Services | Partners | Contact Us
Krash Consultants
Blackbox Penetration Testing
Security Assessment
Have you ever wondered what a Hacker can do posing as a “Sales Consultant” from as little access from a conference room VoIP Phone?
Time and again, we have gained Domain Administrative access with zero knowledge, prior to an assessment. Thereby, granting access to all machines connected to the Domain. We can help you identify and fix
vulnerabilities in:
❖ Web Applications
❖ Wireless Networks
❖ Telephony Equipment
❖ Critical Servers such as Active Directory, Exchange and *nix based Servers
Security assessment
How we do it!
❖ Stealth Attacks bypassing Anti-Viruses and Intrusion Prevention Systems by simulating real-world scenarios (Hackers don’t like their presence to be felt.)
❖ Our experts understand what they exploit. Test your Production Environments, without worry of any down
time.
❖ Our reports don’t contain output of an expensive commercial vulnerability scanning tool. We understand tools are just the accessory to the actual report.
Your Reports
❖ We include precise information in the reports:
❖ Comprehensive coverage of the vulnerabilities
❖ Severity - indicating the criticality of the issues found (includes CVSS scores as per industry standards)
❖ Analysis - Step-by-Step reproduction of the vulnerability so that the owners of the application/server find it easy to patch/re-configure.
❖ Recommendation - Easiest possible ways to fix the issues found.
Risk Management
We help identify key risk areas and help in the implementation of frameworks such as ISO 270001 or ITIL.
Source Code Reviews
Not only do we help in figuring out vulnerabilities from the Source Code of your Java, PHP, ASP .NET etc. codes, we help add a Security Development Lifecycle to it as well. This helps in reducing the number of vulnerabilities in the code and also increases the exploitation difficulty by Hackers.
Security Education
Are you interested to understand the offensive side of security?
It is said, Offense is the best form of Defense.
We develop custom hands-on courses with very little theory for topics such as Advanced Metasploit, Fuzzing for vulnerabilities, Malware Analysis and Writing Exploits for various client side softwares.
Our Experts
❖ We have been finding zero days since 2006 in
❖ IE 9/10/11
❖ Chrome
❖ Microsoft Excel
❖ Workshops at Hackers Conferences around the world.
❖ ZeroNights (Fuzzing for Vulnerabilities - Moscow, Russia)
❖ Nullcon (Exterme Exploitation - Goa, India)
❖ Conducted Security Assessments in the following countries Saudi Arabia, Kuwait, UAE, Bahrain, Oman, Iran, Morocco, Mauritius etc.
❖ Industry standard certifications such as CISSP, SANS, CEH etc.
Places where we improved the Security Posture!
❖ SABB
❖ Riyadh Development Authority (ADA)
❖ Arab National Bank
❖ Saudi Industrial Development Fund (SIDF)
❖ KACST
❖ Sharjah Islamic Bank
❖ National Bank of Fujairah
❖ Many more…
Copyright Amjaad Contracting Establishment 2016. . . .