Offensive Security Services

Cybersecurity Advisory Services

Sometimes referred to as “vCISO” or virtual Chief Information Security Officer services, Adversis’s fractional Security Advisory offering provides an obvious return on investment.

Want a direct line to security experts? We provide you with advisory services and recommendations to answer regulatory and compliance questions tailored to your business, help establish cybersecurity programs that work, manage cybersecurity implementation projects and vendors, and provide customized cybersecurity awareness training for your workforce.

You get an experienced partner and expertise at a fraction of the cost of a full-time executive. You'll reduce your exposure and liabilities and increase your resilience against security incidents.

Penetration Testing

Network penetration testing gets you an in-depth list of your network's vulnerabilities.

  • Do I need a penetration test?

    Penetration testing is one of the best ways to determine what vulnerabilities exist on your network.

  • Is there such a thing as "not ready" for a penetration test?

    Indeed. We encourage all of our penetration test customers to make sure the cyber security basics are done before we perform a test. This ensures you get the most value and we don't tell you things that you probably already knew.

  • What framework is used for penetration testing?

    While we don't follow any specific framework, we do leverage commonly accepted best practices. Depending on the focus of the assessment, we draw on the experience of our team members' strengths. It's not common that you'll find our testers running automated tools.


Application Security

Do you develop applications? Do you use custom applications? We've spent years assessing web applications. We go beyond the OWASP Top Ten and heavily leverage manual testing to make sure your applications don't introduce undue risk to your business, or your customers.

  • Are Application Security assessments required?

    Depending on your specific industry, application security assessments may be required for compliance. That being said, if you develop custom applications for internal use, or for customers, you are sure to benefit from an application security assessment.

  • What frameworks are used?

    Adversis draws heavily from industry standards such as OWASP. That being said, it's pretty rare that output from tools such as Burp makes up many of our findings. At Adversis, we spend a majority of the time using manual techniques, looking at every. single. request. your web application makes. In fact, we go as far as to limit junior testers from using automatic tools until their skills are at a point where they can intelligently use automated tools to assist them.

  • What makes Adversis qualified to perform these assessments?

    We don't mean to brag, but we're pretty good at application security. It's not uncommon for us to find creative vulnerabilities that have existed through multiple security reviews, until we got involved. Not only have we performed more assessments than we can count, but we've built applications and our analysts have multiple web-related CVEs.

Red Team Engagements

Typically reserved for the mature organization, this is a black-box adversary emulation. Red team engagements are goal-based. As some say, an inch wide and a mile deep.

  • What is a Red Team Engagement?

    Attackers don't necessarily care about what SSL version you're running. What they do care about is the shortest and stealthiest path to monetizing and exploiting your business. If you find yourself asking "Can an attacker hack in and get all of our PII?", or "What would it take for an attacker to deploy ransomware?", then you might want a Red Team Engagement.

  • Can I get a Red Team Engagement if I don't have a blue team?

    If you can't detect attacks, you most likely won't benefit from a Red Team Engagement. We steer customers in this position to a penetration test, where there isn't a focus on detection.

  • Is there risk involved with a Red Team Engagement?

    We've performed dozens of Red Team Engagements without impacting a business. That being said, it comes down to the goal, and how much you'd like to demonstrate impact. One practice we always follow is two-person integrity: we always have two testers when sensitive system access is obtained.


Cloud Security Assessment

Our founders have created some of the original AWS security tools. We've done dozens of cloud security assessments. Let's partner to make sure your cloud environment won't end up costing more than you can imagine if you get breached.

  • Which cloud providers does Adversis have experience with?

    Our founders have released some of the original open source tooling around AWS security. We have extensive experience with AWS, Azure, GCP and others. If we've never worked with a particular "cloud provider", we'll be upfront. Luckily for us, the fundamentals stay the same so our cloud knowledge translates to every "cloud provider" you can come up with.

  • What types of cloud assessments can be done?

    None of our customers are the same. We can tailor, snip, trim and add to all of our services. Some customers just want a high-level roadmap for cloud resilience; some customers want a thorough penetration test focused solely on a specific AWS technology.

  • How long do cloud assessments take?

    That depends on the scope. It can take from 2 weeks up to several months, depending on the size of the environment and the determined scope. Either way, it's not too often our scoping process misses something, so deadlines are almost always met.

Physical Security

If physical security is one of your concerns, we can help. Typically a mixture of an unauthorized entry exercise, and a physical security audit, you will learn where your weaknesses lie, and how to fix them.

  • Can I hire Adversis to see if someone can break into my business?

    Yep. You sure can. Sometimes physical entry is an acceptable risk, and other times, it truly isn't. That's where we come in: it's one thing to think your security vendor has you covered, it's another thing to know.

  • Is this a common service?

    Definitely. We've performed physical security assessments for Fortune 500 companies, from corporate headquarters to offsite data centers. It comes down to the risk physical entry has for your business. Aren't sure? We don't sell services if we truly don't think you need them, so just ask!

  • Does physical security have anything to do with cyber security?

    It depends. When we do physical security assessments, we focus on what we get access to post-entry. In many cases, we attempt to gain access to the network once we get in.


Custom Security Awareness Education

Your employees are some of the primary targets of threat actors. Annual checkbox security awareness training doesn't seem to be doing the trick.

Whether it's executive-level training to help partners and executive staff understand the risks they face, or training for staff being targeted with business email compromise, fraud, and malicious attachments, Adversis shows how attackers carry out these actions, what they look like, and how they can affect your business. No boring PowerPoint presentations here. Your employees leave with knowledge they can use to protect themselves and their families at home, and your organization.