vPentest Automated Penetration Testing

Due to the increasing demand for enhanced Cyber Security solutions, Kriston Technology has partnered with a leading provider in automated state-of-the-art penetration testing.

By utilising the automated penetration platform we are able to offer penetration testing utilising the same toolset as manual testing but at a fraction of the cost. Each test is reviewed by a certified industry expert, but the automation capabilities now makes the service affordable for SMB  and mid-mid sized businesses.

Why does your Organisation need a Penetration Test?

Penetration tests allow organisations to assess their cyber security posture based on realistic attack scenarios, which enables them to address issues that would be overlooked if they followed a solely defensive approach.

  • Demonstrate real-world risks by simulating a malicious threat actor
  • Evaluate current security detection and monitoring controls
  • Provide businesses with remediation strategies to mitigate risk
  • Understand how attackers target their most confidential and sensitive data

Our Penetration Test Methodology

We combine multiple methodologies that were once manually conducted into an automated fashion to consistently provide maximum value to organisations.

Egress Filtering

Egress Filtering Testing

Automatically perform egress filtering to ensure that your organisation is effectively restricting unnecessary outbound traffic. Unrestricted outbound access can allow a malicious actor to exfiltrate data from your organisation’s environment using traditional methods and unmonitored ports.

Authentication Attacks

Authentication Attacks

Upon the discovery of user account credentials, vPenTest will automatically attempt to validate those credentials and determine where they are most useful. This is a common process executed by both malicious attackers and penetration testers and is performed during privilege escalation.

Privilege Escalation

Privilege Escalation & Lateral Movemet

Using a valid set of credentials, vPenTest will attempt to identify valuable areas within your organization. This is conducted through a variety of methods, including the use of Vonahi’s Leprechaun tool which assists in identifying where sensitive targets are.

Data Exfiltration

Data Exfiltration

Critical data leaving your organisation is an extremely serious concern. If access to confidential and/or sensitive data can be attained, vPenTest will simulate and log this activity to help your organisation tighten areas that should restrict data exfiltration.

Simulated Malware

Simulated Malware

With elevated access, we will attempt to upload malicious code onto remote systems in an attempt to test the organisation’s end-point anti-malware controls.

Timely Reporting

Timely Reporting

We’ll generate an executive summary, technical and vulnerability report within 48 hours after the penetration test is complete. Our detailed deliverables will allow your network staff to cross reference our activities with monitoring and alerting controls.

Automated by vPenTest

Assessment Capabilites

We offer two different automated penetration testing services to guide your organization to a better security posture and program.

 

 

 

   

Internal Network Penetration Testing

Using a device connected to your internal environment, our consultants will discover security vulnerabilities present within the internal network environment. These activities simulate that of a malicious attacker.

External Network Penetration Testing

Assuming the role of a malicious attacker from the public Internet, our consultants will identify security flaws within your external network environment. These flaws can include patching, configuration, and authentication issues.