|Blackbox Penetration Testing|
Have you ever wondered what a Hacker can do posing as a “Sales Consultant”
with as little access as a conference room VoIP Phone?
again, we have gained Domain Administrative access with zero knowledge
prior to an assessment, thereby granting access to all machines
connected to the Domain. We can help you identify and fix
❖ Web Applications
❖ Wireless Networks
❖ Telephony Equipment
❖ Critical Servers such as Active Directory, Exchange and *nix based Servers
|How we do it!|
❖ Stealth Attacks bypassing Anti-Viruses and Intrusion Prevention Systems
by simulating real-world scenarios (Hackers don’t like their presence
to be felt.)
❖ Our experts understand what they exploit. Test your Production Environments, without worry of any down
❖ Our reports don’t contain the output of an expensive commercial
vulnerability scanning tool. We understand that tools are just an accessory
to the actual report.
❖ We include precise information in the reports:
❖ Comprehensive coverage of the vulnerabilities
❖ Severity - indicating the criticality of the issues found (includes CVSS scores as per industry standards)
❖ Analysis - Step-by-step reproduction of the vulnerability so that the
owners of the application/server find it easy to patch/re-configure.
❖ Recommendation - Easiest possible ways to fix the issues found.
We help identify key risk areas and help in the implementation of frameworks such as ISO 27001 or ITIL.
|Source Code Reviews|
Not only do we help find vulnerabilities in the Source Code of
your Java, PHP, ASP.NET etc. applications, we also help add a Security
Development Lifecycle to it. This helps reduce the number of
vulnerabilities in the code and also makes exploitation
by Hackers more difficult.
Are you interested in understanding the offensive side of security?
It is said that Offense is the best form of Defense.
We develop custom hands-on courses with very little theory for topics such
as Advanced Metasploit, Fuzzing for vulnerabilities, Malware Analysis
and Writing Exploits for various client-side software.
❖ We have been finding zero days since 2006 in
❖ IE 9/10/11
❖ Microsoft Excel
❖ Workshops at Hackers Conferences around the world.
❖ ZeroNights (Fuzzing for Vulnerabilities - Moscow, Russia)
❖ Nullcon (Extreme Exploitation - Goa, India)
❖ Conducted Security Assessments in the following countries: Saudi Arabia,
Kuwait, UAE, Bahrain, Oman, Iran, Morocco, Mauritius etc.
❖ Industry standard certifications such as CISSP, SANS, CEH etc.
|Places where we improved the Security Posture!|
❖ Riyadh Development Authority (ADA)
❖ Arab National Bank
❖ Saudi Industrial Development Fund (SIDF)
❖ Sharjah Islamic Bank
❖ National Bank of Fujairah
❖ Many more…