Nothing is safe from hacking: from password hacking to shellcode injection written for a specific occasion, social engineering adding the famous “Chair to keyboard interface” , all means are good for escalating from privilege 0 to vital resources for the company.
Cyber defense is an essential subject for all companies and services that deal with private information.
Punctual and continuous security audits
YourLabs Security Service offers a catalog of services in constantly evolving accessible in the form of specific missions for justify an obligation of means against cyber criminals up to the continuous surveillance against other threats to your business.
Personalized written report certifying levels of risk from detected vulnerabilities, with a strategic report for a half-day decision maker on optional site.
In-house training to cultivate the security mindset in a friendly setting and a fun atmosphere, in an local hacker aestetic.
Audit and counter-audit report
The blackbox audit report analyzes the results and determines the level of risk (score out of 10) of each penetration vector.
The counter-audit report serves as proof certifying that the documented vulnerabilities in the audit report are well corrected.
The “blackbox” audit scans your public area with specialized tools in networking and protocols (HTTP, DNS, SSH, …) exposed on the public network (internet).
The goal of such an audit is to identify the attack vectors across the public network and geographic area (internet, public places) before a malicious hacker exploits them in the context of ** remote attacks ** and operations gadget infiltration.
Depth limitation warning
The blackbox audit excludes further research from separate targets:
- static analysis of source code (whitebox)
- non-public thick client (mobile app, windows …)
- maintenance infrastructures for third parties who do not have given their prior written agreement in writing (customers, service providers, public services …)
- Phisical intrusion (night and day time)
The whitebox audit is typically carried out in the second phase, going through static analysis of source code and dependencies, and helps to guard against more difficult vulnerabilities but not impossible to see in blackbox.
Full pentest audit
The full pentest audit applies the results of black and white boxe audit, allowing the company to test in real situations the risks of infiltration, data exfiltration, malware installations, cookies to intercept or even modify the network on the fly, master certificates injection on fixed stations to betray protocols ciphers (https..), through high-flying tactics without breaking and entering: access badge hacking, lockpicking: doors, hard drive bay or server rack, escalation, neutralization of alarms, cameras and all kind of detectors, identity or function theft …
The full pentest audit is the best way for the company to see and fixe the security loopholes discovered at all levels.