Abaxio Managed Security

About Penetration Testing at Abaxio

One of the most vital components in a comprehensive, top-down approach to cybersecurity is the penetration test, and for obvious reasons: untested promises of a network’s resilience are no longer sufficient. Rather, trust is established by means of highly skilled but thwarted attempts to penetrate a network. Penetration testing identifies organizational weaknesses the same way an attacker would: by hacking the organization. This enables organizations to better understand and ultimately minimize the risk associated with IT assets.
The overall goal of a product penetration test is to uncover software vulnerabilities, demonstrate the impact of the weaknesses, and provide recommendations for mitigation.
Today, creating a truly secure IT infrastructure requires access to highly specialized knowledge, intelligence, and expertise in order to stay at least one step ahead of the evolving risks. Because Abaxio is an authority on information security, an MSP can leverage our subject matter expertise to solve these challenging business problems and deliver a higher level of customer service to its customer base.

Meet Our Red Team Leader

Michael H. is a security consultant focused on the offensive side of security, and Abaxio’s current Red Team Leader. He holds several GIAC certifications (GSEC, GCIH, GPEN, GISP) along with the technical Offensive Security Certified Professional (OSCP) and Offensive Security Wireless Professional. Michael is also eWPT and eCPPT Gold Certified from eLearnSecurity. His primary experience includes Web Application Penetration Testing and Network Penetration Testing. He also has an Enterprise Application Development background with ASP.NET (MVC/WebForms/WebAPI) and AngularJS. Michael came from a technology developer background before finding his passion in Application Security. Having the knowledge to code is essential in taking advantage of poorly written lines of it. He is currently studying for his GWEB Certification and has his eyes set on the CSSLP (ISC2) and AWAE (Offensive Security) Certifications. An experienced SANS Facilitator for several events, Michael is also in the process of becoming a part of the SANS Quality Control team for On-Demand content.
Michael holds an A.S. degree in Software Development.

Pretexting

Fabricating a scenario to entice a target to divulge info or perform a compromising action.  Often involves prior research to make the request seem legitimate.  May also involve outright impersonation.

Phishing

Email exploit that seeks to obtain personal information.  May use threats, fear, or urgency to manipulate victims.  Often coordinated with malware or fraudulent website redirects.

Dumpster Diving

Attack using passwords, filenames, or other confidential information found in trash bins.

Shoulder Surfing

Using a direct observation technique to get information.  Commonly used to obtain passwords, PINs, security codes, and other data.  Old threat, unprecedented risk.

Baiting

Classic Trojan Horse attack.  Often involves malware-infected disk or flash drive, disguised as high value, and made to look misplaced.

Watering Holes

Website compromised via MS XML Core Services, Java, or redirects (e.g., invisible iframes to BeEF servers).

Quid Pro Quo

Fraudulent offer to provide a (technical) service, such as a software update, password update, etc.

Tailgating

Unauthorized person follows an employee into a restricted area.  Attackers offer fake identity tokens or excuses for not having proper ID.  Employees may hold doors open for strangers who are holding bulky packages or boxes.