Services: Security Assessment & Penetration Testing Services
Endure Secure is skilled in providing penetration testing and security assessments of computer networks, software, web applications, and physical facilities. We can also test the response of your staff in various social engineering exercises. All security assessments conclude with a detailed report of our findings and recommendations.
Internal Penetration Testing takes place within your corporate network, testing for vulnerabilities and security mis-configurations that could be exploited by an attacker who has gained access to your network, or an insider threat.
Endure Secure are certified penetration testers, specialising in testing all operating systems and implementations, including Microsoft, Linux, Mac, IoT and OT devices, and cloud networks.
Techniques used include:
- Bypassing security controls such as evading anti-virus tools,
- Privilege escalation,
- Exploiting vulnerable services or misconfigurations,
- Moving laterally through the network and bypassing segmentation controls,
- Capturing ‘flags’ that have been established during the initial scoping call, such as gaining access to sensitive information or obtaining administrative access.
External Penetration Testing involves the testing of all public assets for vulnerabilities and security mis-configurations that could be exploited by an attacker to gain access to your internal network or otherwise cause disruption.
Endure Secure are certified penetration testers and specialise in discovering and exploiting vulnerabilities in systems including web applications and servers, email servers, load balancers, VPN concentrators, terminal servers, and cloud networks.
External Penetration Testing is commonly combined with Internal Penetration Testing to test the end-to-end attack path.
Wireless Penetration Testing
Wireless networks expand the attack surface of your organisation beyond the four-walls of your offices. Attackers in close proximity may be able to snoop on sensitive traffic or gain access to your network without any physical access to your devices and endpoints using off-the-shelf tools and free software.
Endure Secure specialise in testing wireless devices from all vendors, and all network implementations, including:
- WiFi (802.11x)
- WPA1, WPA2, WPA3,
- WPA2 Enterprise,
- Guest networks,
- Segmented networks,
- Ad-hoc wireless networks,
- Wireless IoT and OT devices.
- Bluetooth (802.15.1).
Physical Penetration Testing
Without physical security, all the technical security controls will not prevent determined attackers from gaining access to sensitive information or disrupting critical services. Endure Secure specialise in testing the physical security of your offices and facilities using the same techniques used by sophisticated threat-actors, including:
- Testing of NFC and RFID technologies (swipe/access card locks),
- Gaining access to secure areas,
- Bypassing locked doors, security guards, gates, fences, CCTV, and alarm systems.
- Social engineering and tailgating.
Physical Penetration Tests are often combined with technical Internal & External Penetration Tests, demonstrating scenarios where an actor could gain access to a computer network after bypass
Red Team Simulation
Red Team Simulations combine all the attack techniques, such as penetration testing, social engineering, and phishing, into a single engagement. For these exercises, the scope is expanded as much as possible to simulate a highly resourced, sophisticated, and determined attacker.
A set of objectives or ‘flags’ may be defined for the testers to achieve, such as gaining access to physical locations, exfiltrating data, and obtaining administrative access to computer systems.
These engagements provide a holistic view of the cyber security and the response capability of your entire organisation.
Purple Team exercises see our security testing team collaborating with your security operations teams. In other words, the Red Team and Blue Team working together to test whether our attacks are detected by your security controls and security teams. When an attack isn’t detected, we work with your team to tune security controls so that they are able to detect the attack before moving on to testing other types of attacks.
Endure Secure can work with your team to come up with a series of attacks your team wishes to be able to detect based on relevant cyber threat intelligence indicators.
Phishing is arguably the most common and effective cyber security attack, often leading to malware infections, ransomware, wire fraud, and credential theft. The best defence against phishing is security awareness, and the best way to measure your staff’s awareness of phishing attacks is to conduct ongoing Phishing Simulations.
Endure Secure can deliver one-off or ongoing phishing campaigns, providing you with actionable metrics, reports, and dashboards. Our campaigns are fully customisable, from which user(s) to target, to the content of the emails, to the frequency of the phishing emails.
We can also integrate with your existing security awareness campaigns or assist you in building one.
Social Engineering Simulation
It is often said that humans are the weakest link in any organisation. Endure Secure can test whether that is true with yours. We can target certain individuals or teams, attempt to gain specific information, or attempt to gain access to computer networks or facilities.
Our social engineering methods include:
- Phone calls/VoIP calls (Vishing),
- Emails (Phishing),
- SMS (Smishing),
- Social media,
- Instant messaging,
- and face-to-face.
Other Security Assessments
With the increasing adoption of cloud technologies, hybrid networks, VPN usage, and SaaS applications, it’s no longer always a simple task to understand what assets you own, where they reside, and how they appear to potential attackers.
A Perimeter Assessment is a discovery exercise, identifying all of your public facing assets and identifying security misconfigurations and vulnerabilities.
An Open-source Intelligence (OSINT) Assessment Takes a holistic view of all the information that exists about your organisation to the public such as:
- Company websites,
- Social media profiles and posts,
- Git repositories
- Online reviews,
- Forum posts,
- Job advertisements,
- Freedom of information requests,
- Current and historical IP addresses, domain names, and DNS records
- Email addresses, and,
- Phone numbers.
Endure Secure then analyses all data points, discovering any potential weaknesses, system misconfigurations, information leaks, or sensitive information.
Endure Secure specialises in creating, facilitating and customising gamified table-top exercises. A Table-top Exercise walks your team through a hypothetical cyber security attack, observing their incident response decisions and their understanding of roles, responsibilities, and procedures.
As well as being great team-building, Table-top Exercises are crucial in identifying and filling any gaps in the incident response plan before an actual incident occurs.
Contact Endure Secure: Security Assessment and Penetration Testing
Endure Secure is available to answer your Security Assessment and Penetration Testing enquiry within 8 business hours. Please include as much information as possible for your request.
Please contact us using the form below, email us at [email protected], or call us on 0420 231 893