About Penetration Testing at Abaxio
One of the most vital components in a comprehensive, top-down approach to cybersecurity is the Penetration Test, and for obvious reasons: untested promises of a network’s resilience are no longer sufficient. Rather, trust is established by means of highly skilled but thwarted attempts to penetrate a network. Penetration testing identifies an organization's weaknesses the same way an attacker would: by hacking it. This enables organizations to better understand and ultimately minimize the risk associated with IT assets.
The overall goal of a product penetration test is to uncover software vulnerabilities, demonstrate the impact of the weaknesses, and provide recommendations for mitigation.
Today, creating a truly secure IT infrastructure requires access to highly specialized knowledge, intelligence, and expertise in order to stay at least one step ahead of the evolving risks. Because Abaxio is an authority on information security, the MSP can leverage our subject matter expertise to solve these challenging business problems and deliver a higher level of customer service to its customer base.
Fabricating a scenario to entice a target to divulge info or perform a compromising action. Often involves prior research to make the request seem legitimate. May also involve outright impersonation.
Email exploit that seeks to obtain personal information. May use threats, fear, or urgency to manipulate victims. Often coordinated with malware or fraudulent website redirects.
Attack using passwords, filenames, or other confidential information found in trash bins.
Using a direct observation technique to get information. Commonly used to obtain passwords, PINs, security codes, and other data. Old threat, unprecedented risk.
Classic Trojan Horse attack. Often involves a malware-infected disk or flash drive, disguised as high-value and made to look misplaced.
Website compromised via Microsoft XML Core Services, Java, or redirects (e.g., invisible iframes to BeEF servers).
Fraudulent offer to provide a (technical) service, such as a software update, password update, etc.
Unauthorized person follows an employee into a restricted area. Attackers offer fake identity tokens or excuses for not having proper ID. Employees may hold doors open for strangers who are holding bulky packages or boxes.