WE INSTILL CONFIDENCE BY PENTESTING
EXPERTISE
INTRUSION TESTING (IT)
A penetration test follows an iterative cycle of four phases:
Reconnaissance: Auditors explore the target to understand its technical and functional architecture.
Vulnerability Discovery: Depending on the technologies present, a manual search for vulnerabilities is conducted.
Exploitation: Identified vulnerabilities are exploited to confirm their presence and assess their impact.
Pivot: Exploitation may provide access to new components of the target, leading to a new analysis phase.
REDTEAM
Objective: Deliver a service that simulates a realistic attack, typically represented in four major steps:
Open Source Research & Reconnaissance: Gathering information from publicly available sources to understand the target’s digital footprint and potential vulnerabilities.
Social Engineering: Utilizing psychological manipulation to exploit human behavior and gain unauthorized access to the target system.
System Access: Attempting to gain entry into the target system using various methods, including exploiting vulnerabilities, weak credentials, or misconfigurations.
CONFIGURATION AUDIT
The configuration audit aims to verify the implementation of security best practices on a logical or physical security device.
NEVERHACK auditors rely on various standards and best practice guides depending on the specific equipment and client context (such as ANSSI, NIST guides, etc.).
Firewalls
Switches
Virtual server templates or workstations (Windows & Linux)
And more.
ARCHITECTURE AUDIT
NEVERHACK auditors rely on various standards and best practice guides depending on the specific equipment and client context (such as ANSSI, NIST guides, etc.).
This service encompasses a documentation review and exchanges with technical counterparts to validate various elements such as deployed software or hardware solutions, covering not only their positioning but also their roles and configurations.
Prerequisites:
Technical Architecture Document (description, diagrams, flow matrices, etc.)
Risk Analysis
Technical and operational constraints
MOBILE AUDIT
Mobile application audits are typically divided into three major stages as described below (not exhaustive):
Reconnaissance: Gathering information related to the publisher. Gathering application-specific information.
Static Analysis: Application review (searching for hard-coded elements, poor practices, or any elements posing a risk). Analysis of application behavior (APIs, URLs, data storage, etc.). Attempts to misuse APIs, etc.
Interception and traffic analysis
Dump and memory analysis
Testing SSL pinning
Attempted injections, fuzzing, etc.
HARDWARE AND IOT AUDIT
Connected devices and the Internet of Things (IoT) are becoming increasingly prevalent in our daily lives.
IoT devices contain proprietary and personal information, access and communicate with various services, through which sensitive information may transit.
This is why it’s crucial to ensure a high level of security for these devices.
SOURCE CODE AUDIT
In order to carry out the source code audit under the best conditions, NEVERHACK proposes the following approach for technical tests:
Technical tests:
Automated review
Manual review
Non-Disclosure Agreement (NDA)
Specifications
Naming conventions
Source code(s)
PHISHING CAMPAIGN
We work with large corporations to help them protect their information assets by implementing strategies for securing architectures, applications and sensitive data (structured and unstructured) in an extended enterprise context (Cloud, B2B, Open API).
• Application security
• CISO support (policies, dashboard, ISO27k…)
• Project risk assessment and management
• Awareness & training
• Personal data management (GDPR)