Red Team
Services (RTS)

CIPHER SERVICES >

> Penetration Testing

Cipher gives you peace of mind knowing that your company is secure by putting your people, processes, and technology to the test.

Penetration testing (also referred to as pen testing) is the practice of examining a computer system, network or application to find vulnerabilities that an attacker could exploit. The assets within a company’s network should be tested on a regular basis utilizing real-world scenarios that emulate the actions of an external and internal attacker.

The number of entry points into corporate networks is often increasing due to company growth and new technology being incorporated. Many organizations are required to perform pen testing at least annually as part of being compliant with industry’s mandates.

Cipher has helped companies and organizations around the world stay secure since 2000. Our team of ethical hackers are experienced and trained in the latest tools and advanced techniques utilized by attackers. We use the best and most well-known frameworks and methodologies in the market, such as NIST SP 800-115, Technical Guide to Information Security Testing and Assessments, and Open Web Application Security Project (OWASP) .

Cipher effectively emulates sophisticated attack scenarios that impact organizations. The results of every penetration test completed by Cipher are included in a detailed, actionable report on the systems and network identified, exploitation results, tactical and strategic recommendations.

Cipher Penetration Testing is:

Tailored to Your Needs

Cipher provides white box, grey box and black box penetration tests.

Different scenarios call for different types of penetration tests. In black box penetration tests, the tester has no information about the system. In grey box tests, they have some information. In white box tests, they have passwords and other items to gain access. In some cases, areas will be off-limits for the tests as well. Cipher’s experts will consult with your organization to determine what scope if appropriate to meet your goals.

img-desenho-vulnerability

img-desenho-rt

Real World Scenarios

Cipher’s ethical hackers think like the adversary.

Our team of experts perform the simulated attacks by going through each phase of the cyber kill chain. The exercise will see how the Blue Team defenders respond. The ethical hackers start by conducting reconnaissance and proceed through infiltration to exploitation. Cipher ethical hackers use the same tools as actual malicious hackers. The toolbox includes well-known kits like Kali Linux, Metasploit and other custom tools selected for the job at hand. Social engineering can also bring into play to see how your team members respond.

Important for Compliance

Cipher’s penetration testing service allows you to meet compliance guidelines.

The importance of penetration testing is recognized by organizations that validate cybersecurity. For example, Payment Card Industry (PCI) compliance involves a quarterly penetration test. When we conduct the test, we pay close attention to the guidelines and criteria involved. Maintaining compliance with regulations and adhering to the law is important to maintain brand reputation and conduct business without interruption.
.

PenTest_compliance

PenTest_mobile

Penetration Test for Mobile Apps

Cipher can test your mobile applications to test security.

As networks expand and new software is developed, the number of entry points increases. Mobile application use has skyrocketed in the last decade. Ensuring your company’s mobile apps on operating systems like iOS and Android is critical. There can be a false sense of security that apps are more secure than websites or other areas. We can test using different devices and scenarios to make sure data is not leaked and the system is secure.

Action Plan to Improve

Cipher prepares a comprehensive report that can be used for compliance and to improve.

The report that we compile following the penetration test includes:

Scope analysis

Tests performed

Vulnerabilities found

Vulnerabilities exploited

Strengths encountered

Recommendation to fixes to issues discovered

In addition to a report, the Cipher experts will be available to answer any questions on the results and findings.

ico-11

Penetration Testing Podcast Episode

Listen to one of our senior penetration testers give some expert tips on our Podcast.

We cover the difference between a vulnerability assessment and penetration test. The Cyber Kill Chain components, including phishing and web server exploits are discussed. The guys also go over noteworthy attack techniques and tactics. Finally, we touch on application security testing works.

Cookie Preferences

What are cookies? Cookies are small data files that are installed on the user's computer or mobile device and allow the user to store or retrieve the information generated by their activity on the network, through their computer or their mobile device. This improves and personalises the user's experience of the website and the services it offers.

Select the type of cookie that this page can use during your browsing:

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_86671402_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	never	This cookie is set by Segment.io to check the number of ew and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	16 years 3 months 14 days 7 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
driftt_aid	2 years	The driftt_aid cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
ajs_group_id	never	This cookie is set by Segment.io. The purpose of the cookie is currently not identified.
AnalyticsSyncHistory	1 month	No description
debug	never	No description available.
drift_aid	2 years	No description
drift_campaign_refresh	30 minutes	No description available.
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.