Category Archives: Solutions

100% Black Box Pentest: “No holds barred”

To assess the security of an information system, a very pragmatic approach is to conduct a cyberattack in the most realistic way possible. Can a security auditor really put themselves in the shoes of the “bad guy”? Is it possible to avoid biasing the tests by not providing any information beforehand?


Yes, it is actually possible with a “100% Black Box” security audit. In this situation, the pentester starts the audit with only the name of the company as information. It is up to the pentester to discover the scope exposed to attacks and then to carry out attacks, trying to maximise the impact of the tests within the time given.

The benefits for a company that orders this type of black box audit are:


Internal Security Audit: What to Know About It

When we talk about computer attacks, we often think of an activist or a criminal sitting in front of a screen on the other side of the world… yet half of the attacks involve internal actors, according to the Insider Threat Report 2018. In fact, 58% of respondents confirmed that they had suffered a cyberattack related to the internal threat. Protecting yourself against attacks from the inside is therefore just as important as defending yourself from the outside.


Internal Security Audit

During an internal security audit, penetration tests are conducted from inside the company or sometimes through a VPN. Most of the time, pentesters go to the company’s buildings, bring their equipment and put themselves in the shoes of an internal attacker.


Social Engineering: Experience feedback!


We have been conducting social engineering attacks for around 3 years (legal attacks for clients, it is our job, no worries 😉 ). During these three years, our pentesters (security experts) have tried various techniques, scenarios and pretexts. We have learned lessons from our experience, and our clients have shared with us what they learned too. We are now sharing them with you.

1/ Social engineering in a nutshell

Before starting, let’s remember what social engineering is:
