During an External Penetration Test, SecureState can take the perspective of a known or unknown external threat to your organization. SecureState can build a footprint of your organization using Open Source Intelligence (OSINT), Domain Name System (DNS) reconnaissance, and other techniques in order to identify all logical assets that belong to the organization. SecureState can then map the accessible services on each system and identify any vulnerabilities associated with them.
During the attack phase, SecureState attempts to breach your organization using the same tools and techniques employed by hackers in real world attacks. Common targets can include web applications, email and VPN solutions, and human assets through Social Engineering attacks. The end result is a highly comprehensive, realistic attack against your organization's external assets and users.
If successful, SecureState will then attempt to use the established foothold to compromise additional systems and networks while hunting for information sensitive to your organization. This is the most important, and yet most often overlooked, phase of a penetration test because it effectively demonstrates the impact that a breach would have on your organization. Common targets in this phase are credit card numbers, Social Security numbers and other personal information, medical information, and proprietary information to your organization (such as source code, or internal methodologies and formulas).
In the final deliverable, SecureState will provide detailed information for each vulnerability uncovered, including suggested remediation or mitigation steps. Finally, SecureState will provide a detailed step-by-step account of the breach (referred to as, "Vulnerability Linkage Theory") which explains how several less severe vulnerabilities can be linked together to achieve a complete compromise.