What We Do
Ethical Hacking
We conduct controlled attacks in order to discover vulnerabilities
This is also known as Ethical Hacking, Penetration Testing or Security Testing. Regardless of the title, the aim remains the same, to find flaws before an attacker does.
The attacks we perform use the same tools that a malicious individual would employ. Unlike a hacker however, the only step we will take is to inform you of any vulnerabilities so that you can take steps to correct the problem. All our findings are written in a report and detailed only to the relevant, authorised individuals. In particularly sensitive matters, the information may be given as a verbal report only.
Vulnerability Assessment / Penetration Test
We define a Vulnerability Assessment as a test where potential exploits are identified but not performed. We detail the vulnerabilities using the Secunia database, so that the information is always up to date and readers of the report can get further information if required.
Having completed a Vulnerability Assessment, we can additionally perform a full Penetration Test. We then execute attacks to exploit the network and confirm the vulnerabilities. This also allows us to demonstrate how far the exploitation would allow an attacker to gain access to the target network.
Types of attacks
There are various models of attacks which can be performed and we can help to choose which one is most appropriate to your particular situation.
Minimum disclosure attack (Black box attack)
In this model, the testers are not given any information in advance about the type or scope of the network. Apart from the company owners/directors and possibly relevant managers, the IT team controlling the network are kept in the dark about the attack.
By doing this, a targeted attack without inside knowledge can be simulated and the IT team's reactions are tested because they also form part of the network's system.
Full disclosure (White box attack)
In the white box model, the penetration team are given full network details and diagrams in advance. This can allow for a better test, as all attacks can be tailored to the existing network.
Partial disclosure (Grey box attack)
Obviously this model is somewhere between black and white ones. Depending on what is required, the IP range to be tested might be disclosed, but not the systems running behind them. This could be useful if specific systems should be avoided during the test, or the client wishes to focus the attack on a particular area of a larger network.
Other Attacks
The attacks detailed above are usually performed remotely across the Internet but we can also carry out other sorts of attacks such as:
- Insider Access Penetration Test
- 802.11x Wireless Network Test
- Wireless Bluetooth Test
- Physical Access Test
- Rogue Equipment Check
Other Services
We have also been involved in a number of other security-related projects, each one unique and often merging our security knowledge with other skills such as programming. For example, we have written software which translates satellite tracking data into a webpage viewable using Google Maps. Using this software, we have helped out Frodo's Warriors, a team taking part in a charitable race called "The Mongol Rally" in which competitors try to get from London to the Mongolian Capital, Ulaan Bataar, in any old, low value car under 1000cc.
Additionally we provide a number of regular IT Support services for a select number of local companies. This is at our discretion and is normally at the customer's request only.