Sababa Penetration Testing

Penetration Testing is a service, that provides practical demonstration of how strong the company’s existing security measures are. It is conducted on behalf of various intruder types to obtain maximum privileges to corporate systems.

Sababa Penetration Testing includes complex diagnostics of a company’s digital assets, aimed to identify its
individual threat vectors and areas of improvement. It aims to
• check how robust the different corporate infrastructure systems are;
• define practical cyber-attack threat vectors;
• identify active vulnerabilities and provide recommendations on their elimination.

The service brings some additional benefits, especially in the time of transformation or other changes, when people are stressed and stretched and therefore more likely to make mistakes. Sababa Penetration Testing backs up corporate security in case of a human error as well as brings confidence to the internal IT/OT security teams and allows them to focus on what is important for business.

1

PRE-ENGAGEMENT INTERACTIONS

2

INTELLIGENCE GATHERING

3

THREAT MODELLING AND VULNERABILITY ANALYSIS

4

EXPLOITATION

5

POST EXPLOITATION

6

REPORTING

Subject to penetration testing
Different assets and can be evaluated, including web and mobile applications, wireless networks, source code, Active Directories, cloud security solutions, IoT, blockchain, as well as configurations of the software used on IT and OT networks.

Pentesting modes
Based on the international reference standards, the Penetration Testing can be conducted on behalf of external or internal intruders, with different initial privileges to your network, including black/grey/white-box modes, tandem, reversal and others.

Methodology
The project goes in line with the guidelines described by the OSSTMM and OWASP methodologies, internationally recognized in the field of cyber security, vulnerability assessment and penetration test.

Red Teaming and adversary simulation
Any company has got sensitive applications, data, and other critical assets, that are scanned for vulnerabilities, assessed, and regulated by policies and procedures.

Our red team tries to outsmart your colleagues and bypass your security like a real attacker would do by:
• collecting intelligence in open source, deep web and darknet;
• calling your users from fake numbers, impersonating colleagues, customers, or suppliers;
• sending emails, letters, and weaponized USB devices.

We provide a comprehensive report with detailed remediation plan at the end of the activity.

English
Sababa Security