- Security Audit
- Ethical Hacking
- Security Consulting
- Penetration Testing
- Source Code Review
- Training and Coaching
Internal Penetration Testing
Internal penetration testing, also known as internal pentest, focuses on threats and risks surrounding internally connected systems, should them be related to an inside attacker or to a corporate computer which is remotely used by an external hacker to reach sensitive company's assets without facing its perimeter defenses.
The most demanded modules of internal penetration test include the following:
Client-Side Applications Attack
Client–Side applications attacks combined with social engineering are very efficient and complex to detect. The module verifies resistance of the application layer (e-mail clients, browsers, office and PDF programs) within local user-machines to a large number of application attacks.
Trojan Horse Attack
Trojan horse remains one of the most used and successful attacks today. Attacker keeps full control over compromised machine, stays invisible and can do whatever he wants inside of the system. This module of internal penetration test will check your firewall and IDS/IPS capabilities to identify and block Trojan horses and backdoors, as well as local security of user-machines.
Malicious Employee Attack
This module simulates behavior of a malicious employee who has a privileged access to a number of local IT resources, or who is trying to escalate his privileges and access rights. Log-management systems, behavior-based IDS and IPS will be carefully tested, as well as user rights segregation and access-level control.
Social Engineering and Phishing
Naive or deceived employee can cause serious damage to your information system, by opening doors and granting unauthorized access to malicious persons. High-Tech Bridge experts will test psychological skills, respect of corporate security policy and procedures during the Social Engineering module of internal penetration testing.
Malicious or Unauthorized Content
Malicious or unauthorized content module tests if content filters of your information systems (email, web and others) are correctly blocking all the malicious or unauthorized content in conformity with corporate security policy and security best-practices.