Our customized threat modeling identifies vulnerabilities within your security posture that put your most valuable organizational and client data — the crown jewels — at risk.
Our security audits and vulnerability assessments are based on industry standards and best practices to assess weaknesses in your cloud environment and network, as well as mobile and web-based apps.
Our sophisticated testing services delve into your network, smart devices and other systems to expose critical security deficiencies.
A vulnerability assessment sweeps your network and looks for missing patches or common misconfigurations that could result in a security breach.
Automated scripts containing tens of thousands of known vulnerabilities can be used by hackers to find ways into your organization. We have access to the same tools that hackers use and can find the weaknesses in your network. Our tools detect service versions with documented errors, common misconfigurations, and exposed services so you can get to work repairing them.
We get it: you have mission-critical systems that you're afraid to patch for fear of operational downtime. Maybe you already know about some of the weaknesses, but don't have the resources to patch everything or can't get management buy-in. Consider this: the vulnerability that brought down Equifax in July of 2017 was disclosed publicly that March, yet had not been patched, resulting in the exposure of the personal information, including SSNs, of 147 million people, costing Equifax $700 million.
We begin by performing reconnaissance on your organization's network to determine the project scope. We dig deep, often finding systems you thought had long since been decommissioned or had been isolated from untrusted networks. Besides traditional network scanning of your IP addresses, we spider through DNS records, certificate transparency logs and web archives, looking for related servers and services.
We then custom configure our vulnerability discovery system to target your technology stacks and turn it loose to run hundreds of thousands of checks in a safe and controlled manner against your network. We even have small, yet powerful, attack “dropboxes” that we can install in your datacenter or on your workstation networks to scan internal systems.
This creates a — sometimes massive! — list of potential vulnerabilities, and this is where most companies stop. Vulnerability discovery scanning will often highlight areas of weakness that have already been patched or are protected by other controls. These false positives can drive your developers, engineers, and system admins crazy!
If you had the resources to hunt down every finding from the list, you would have already patched every system and service. We don't just hand your teams a raw list of potential weaknesses; we actually inspect each finding to determine its validity. We take what we know about your organization and the verified findings to develop a custom mitigation plan so you can maximize your resources to address the issues most likely to affect your security posture.
Do you already have a vulnerability assessment report but can't get traction to plug the holes? We can develop proof-of-concept attacks to convince decision-makers so the issues get the attention you know they deserve!
Learn how we've helped our valued clients improve their security posture and mitigate risk through network vulnerability testing.
Through our rigorous recon process, we discovered a forgotten VPN server that was missing several critical patches and provided a path into the organization.
We discovered a publicly-exposed Redis server that was missing a critical patch and had indicators of compromise that the organization was unaware of.
Our team of consultants has not only exploited these vulnerabilities, but also has real-world experience building and maintaining secure environments in Fortune 500 companies. We know the challenges with trying to attain timely 100% patching goals and we know how to guide you towards fixing your weaknesses in the most realistic manner. Contact us to discuss your information security goals today.
Check out our blog to get the latest infosec how-to articles, best practices and strategies written by our offensive security experts. Cyber crime isn't going anywhere, so stay informed and on top of it!
Are you wondering how to get started with embedded device security testing and what tools are needed for hardware hacking? Whether you are trying to reverse engineer and hack an embedded system or are looking to make modifications to an IoT device, part one of our Hardware Hacking Lab series will introduce you to some of the physical tools we rely on most to perform our smart device security assessments. Look for additional posts later that will walk through the hardware and software tools needed to get started.
The recent wave of WannaCry ransomware attacks has shed a lot of public light on the Windows SMB remote code execution vulnerability patched by MS17-010 and has fortunately resulted in organizations applying the security update to prevent further infections. While much of the focus has been on patching desktops and servers, it’s easy for many organizations to continue to neglect devices running the Windows Embedded 7 OS.
The level of knowledge sharing that takes place within infosec is amazing! Many security researchers take time to publish their scripts, tips, successes, and failures on Twitter for all to see, so as a security professional, it’s important to learn how to effectively use Twitter to hone your craft.
Red teamers can learn new tactics, techniques, and procedures (TTPs) by following other red teamers. Blue teamers can learn new detections or preventative controls published by other blue teamers.
You might not know how at-risk your security posture is until somebody breaks in . . . and the consequences of a break-in could be big. Don't let small fractures in your security protocols lead to a breach. We'll act like a hacker and confirm where you're most vulnerable. As your adversarial allies, we'll work with you to proactively protect your assets. Schedule a consultation with our Principal Security Consultant to discuss your project goals today.
© 2020 FRACTURE LABS, LLC ALL RIGHTS RESERVED