Pentesting and Red Teaming
Let HackDefense’s experienced Ethical Hackers test your application, network or web site. We deliver a report that is understandable for management, and that includes technical appendices recommending concrete, detailed steps to solve the issues we’ve identified. With Red Teaming, we’ll help you test and improve detection measures.
Ransomware Vulnerability Assessment
Any company can fall victim to ransomware. Criminals break into your network using a phishing e‑mail, or through the VPN for remote access. Then, they attempt to extend their access so they can encrypt all of your data, including backups. The ransom they demand usually runs into the hundreds of thousands — and many companies have no choice but to pay up.
HackDefense can help you stop this scenario from becoming a reality. We test whether the methods criminals use to break in work against your network, and if they do, we’ll advise you how to secure it.
Red Teaming means that we hack our way into your network, aiming to work with your Blue Team to learn and adapt to the latest hacking techniques. With more than ten years of experience in these assignments, we can simulate any attack scenario, evading detection and other security measures. A closing session with your SOC/Blue Team is always included. Our aim is to make you more secure!
Working with our Threat Intel partners we can also conduct Red Teaming using the European Central Bank’s TIBER standard.
Web application pentest
Our well-educated, certified pentesters are very experienced in finding security flaws in web applications. Of course we use the OWASP Top 10 as a guide, but we thoroughly search for ways to compromise your application like SQL injection, Cross-Site Scripting and Cross-Site Request Forgery, whether they are in the Top 10 or not.
We make sure we know the latest hacking techniques and can tell you exactly whether or not your application is vulnerable, so that you won’t find yourself in the news with a data breach.
Firewalls are not what they used to be. Modern IT Security requires working on the assumption that someone may have penetrated your network’s perimeter. Because a user clicked on a link in a phishing e‑mail, for example.
HackDefense tests what a hacker can then do: is he (or she) able to quickly become Domain Administrator and make off with all your confidential information? Or is internal security robust? HackDefense highlights what issues hackers could abuse, and where improvements are possible.
Applications that use DigiD (Dutch government) authentication have to undergo an annual audit. Part of this audit is a penetration test. Our thorough tests provide a lot of insight into the application’s security. We also link our results to the Dutch government’s security standards for web applications and DigiD audit standards so that our report fits perfectly into the wider audit report.
Mobile application pentest
Mobile apps require a very different pentesting method. The security risks are not all the same as for other kinds of applications (see, for example, the OWASP Mobile Top 10) and so a pentest requires a different approach. HackDefense tests your application for resistance to attacks on its network connection, but also whether other apps on the same device can read or write your app’s data, for example. We prefer including source code in our review, but installing your app on one of our test devices is an option too. Contact us to discuss possibilities!
Our testing team consists only of ethical hackers with a completed Computer Science degree, so we don’t shy away from some source code. On the contrary! Aided by static analysis of the code, preferably alongside a running instance of the test object, we provide you with insights into potential security holes in the software you are building and/or using.
Phishing Tests / E‑Mail Penetration Tests
HackDefense founded the Phishingtest.com service (a joint venture with our colleagues at Audittrail) and provides the technical know-how when testing organisations’ vulnerability to (spear)phishing and ransomware. Using Phishingtest.com, you can make your employees aware of the threat posed by phishing and spearphishing, by e‑mail and using text messages. Also, we provide you with insight into your e‑mail infrastructure’s robustness against these kinds of attacks.
OSINT stands for Open Source Intelligence: what can be found about you online? Could be anything: configuration files, lists of passwords — has anyone hacked your database and posted it somewhere? HackDefense can map out your “digital footprint” of confidential data, and advise you about what can be done.
A Wi-Fi network’s signal can reach (far) outside your building. What can hackers do with that? Is it possible to obtain access to the internal network using this Wi-Fi signal?
Another potential attack vector is the guest Wi-Fi, which is not always fully separated from the internal company network.
The ethical hackers at HackDefense can test your Wi-Fi security for these issues and provide answers to these questions.