What is it about?
From internal network systems to the Internet, via wireless, VoIP, teleconferencing and similar networks, CryptoNet Labs’ network level Offensive Security services aim to identify, validate, classify and assess vulnerabilities of services and systems exposed in different environments.
This activity, called Vulnerability Assessment, takes into account the entire spectrum of network components: routers, switches, firewalls, web and application servers, mail servers, DBs, ERPs (e.g. SAP) and other back-end systems.
If requested by the client during the engagement phase, a Penetration Test is carried out, simulating a computer attack that exploits these problems to violate the system, in width or depth: for example, obtaining unauthorized access to one or more targets (exploitation); performing vertical “privilege escalation”, to obtain the privileges of the system administrator; or performing horizontal “lateral movement”, replicating the attacks on neighbouring targets.
CryptoNet Labs bases its activity on the experience gained by its specialists over the years, but even more so on the accurate and comprehensive results.
They are achieved through a skilful mix of automated scans, manual testing and review activities, as well as through an careful combination of all the most advanced commercial or open source tools.
The discrimination of false positives and the use of international standards to classify and assess the degree of severity (e.g. CVE, CWE, OWASP Top 10 and CVSS) are extremely important in the preparation of the final deliverables.
Who can benefit from it?
All organisations that have services critical to the business or sensitive (in relation to different rules or regulations), exposed publicly or internally, without neglecting Wi-Fi networks, VoIP systems and videoconference and therefore need timely checks on the exposure to risk of their technological infrastructure. Also to comply with national regulations, international standards and industry best practices.