Ethical Hacking Testing
Find cyber security weaknesses in your digital infrastructure
The intrusion test or pentesting consists of an offensive security test that simulates a real cyber attack in a controlled environment. The objective is to identify the weaknesses that could be exploited by an attacker and thus complete threats such as theft of information, improper access, causing service failures, the installation of malware, etc.
Types of Pentestings
In the MicroHackers pentesting services portfolio, there are three types of pentestings that can be categorized as follows:
Black Box: In black box pentesting exercises, the client’s infrastructure is unknown and the pentesting team does not have prior information about assets or users.
Grey Box: In a gray box penetration test, the team in charge of the execution has partial information about the target, legitimate user accounts, information about the technologies to be tested, IP inventory, domains or other information.
White Box: In this modality, detailed information is available about the technologies, source code, user accounts, network maps, architecture, etc., prior to the start of the work.
Pentesting metodology
- Reconnaissance: Initial phase where we obtain as much information as possible about the target using different techniques.
- Identification: Identification focuses on analyzing the information collected and looking for weaknesses.
- Exploitation: In case it is possible and with the customer agreement, we proceed to exploit the vulnerabilities discovered in the identification phase.
- Reporting: A report with all the vulnerabilities discovered and the remediation fix is generated and given to the customer.