Network Infrastructure Penetration Test

The service is aimed at entities that use or implement an IT infrastructure in their operations. The service aims to analyze the infrastructure examined in terms of identifying security vulnerabilities. It is an offensive activity aimed at assessing a computer network's resistance to a simulated attack. It is a controlled attempt to break through security of a server, group of servers, or computers in a local network. 

It can be performed in different approaches depending on testers' knowledge of the infrastructure: Blackbox, Graybox, Whitebox.  

The course of the penetration test process will be as follows:

• Gathering information - about the tested object based on the Internet,
• Network mapping - analysis of the computer network of the tested object,
• Vulnerability identification - searching for vulnerabilities based on the obtained information,
• Penetration - gaining unauthorized access to the system,
• Privilege escalation - an attempt to elevate privileges and extend the range of access to the infrastructure,
• Further penetration - obtaining additional information about the system, e.g. running processes, in order to enable further breach of security of individual system components,
• Removal of traces - elimination of all traces of activity in the form of files, logs, system integrity tests, etc, proving that the attack was carried out,
• Preparing a report,
• Verification of corrections made by the customer,
• Preparation of the final report.

Implementing the service requires undertaking limited organizational and technical actions to adapt it to the project. The risk of its provisioning is related to changing technical and legal conditions in the IT area (medium level). Counteracting and mitigating actions will include monitoring of changes and development of experts' competences in the desired directions.

Service provided by the CyberSec project.

Do you have questions or do you need detailed information? Email us with questions.