Penetration Testing
At Intrinium, we believe a first step to review your network vulnerabilities is a Penetration Test. We offer both internal and external penetration tests which are simulated cyber attacks against your entire network/website/domains to check for exploitable vulnerabilities and potential security risks. For the convenience of our clients, we execute tests either remotely from our headquarters or on-site at your company with one of our trusted consultants. These tests are performed with the intention of being the first phase within a holistic process of vulnerability analysis, prioritization, remediation, and maintenance that is our core commitment to securing your environment.
External Penetration Testing
This test reviews the network environment and the strength of the perimeter defenses against an external vulnerability, as well as the security of websites and external applications. Our threat model utilizes thousands of attacks that are used by opportunistic hackers used to compromise organizations every day.
These attacks include:
- Searching for publicly available domain registration for useful information
- Port scanning of network resources
- Identification of systems and services accessible over the Internet
- Brute force attempts with weak or default passwords
- Comprehensive Vulnerability Scanning identifying over 100,000 of the top vulnerabilities
- Manual exploitation of identified vulnerabilities in external applications
- Elimination and confirmation of false positives
Internal Penetration Testing
This test will emulate the action of a malicious actor on the internal network. Our penetration testing goes beyond a simple vulnerability assessment by performing manual attacks such as man-in-the-middle attacks. Our threat model utilizes thousands of attacks that are used by opportunistic hackers used to compromise organizations every day.
These attacks include:
- Port scanning of network resources
- Identification of systems and services accessible over the Internet or through VPNs
- Brute force attempts with weak or default passwords
- Man-in-the-Middle Attacks
- Comprehensive Vulnerability Scanning identifying over 100,000 of the top vulnerabilities
- Manual exploitation of identified vulnerabilities in applications
- Establishing persistence and enumerating the reach of a potential attacker
At the conclusion of any Intrinium Penetration Test, our success will be reflected against project deliverables and validation that meets the following success criteria:
- Completion of external vulnerability and network penetration testing module
- Documentation of detailed test findings and remediation recommendations
- Completion of executive summary testing report
- Completion of firewall assessment
- Documentation of firewall assessment findings and remediation recommendations
We are here to help, contact us today.
Extortionware: Ransomware’s Unholy Lovechild with Data Exfiltration
Approximately one year ago, Maze, the first large extortion ransomware attack came to the attention of the wider world, and since then, nine other ransomware families have joined the trend. From Sodinokibi, the descendant of GandCrab, to Maze attacks in the news, this...
Joshua Dahlstrom, Business Development Executive sits down with Wake Media Group to discuss Cybersecurity
Joshua Dahlstrom, Business Development Executive sat down with Wake Media Group to discuss Cybersecurity. From phishing to best business practices to ensure your security, this interview is full of tips that are helpful to every company.
NIST Privacy Framework
NIST Privacy Framework is consistently evolving to be inclusive and informative for all organizations regardless of vertical. As a security-first company, we are excited about this and how it will impact your business. The overall goal of the framework is to enable...
Ransomware: How to Paint a Bigger Target on Yourself
Step one: be vulnerable. Step two: pay the ransom. There’s a very good reason everyone and their dog recommends you do not pay the ransom if you get hit with ransomware- you’re making yourself a much larger target. The whole objective of ransomware is to get money out...
Phishing/Security Awareness Training with COVID
What To Look For Cyber actors, which are states, groups, or individuals who, with malicious intent, aim to take advantage of vulnerabilities and fear, may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive...
Work From Home Security Checkup
It is a quiet morning as I tightrope around the numerous obstacles in my path, slowly heading towards my home office, precariously balancing molten coffee with the fresh scent of my morning bagel in the air, in what can only be described as Cirque du Soleil maneuvers....
Remote Work Security for Defenders
With more and more companies having non-essential personnel working at home to reduce risk, we wanted to touch on some of the risks from a defender standpoint. One of the big things in my mind is that attackers are using the cover of increased remote work to try and...
Why Social Engineering Awareness is Critical to Your Business
Social Engineering is the art of exploiting human psychology to gain access to data, systems, or buildings. Have you ever received an email saying your computer needs critical system updates? Or perhaps you received a call from the ‘government’ stating you owe money?...
mitm6 Pen Testing
Summary: IPv6, we have all seen it, have been forced through subnetting it (Network Engineers, I’m looking at you), but many organizations seem to just not utilize it. While frequently staring into the monotonous output that ipconfig provides, IPv6 sits in the cold...
Best Practices: Fortinet FortiGate Firewall Hardening
By Sahan Fernando - Director, Managed Security - Intrinium As business needs continue to develop, many organizations are turning to devices to effectively provide availability, confidentiality, and integrity for their networks. The buzz around “next-gen” firewalls is...