Think about Black Hills Information Security Services. Well, according to John Strand, Owner of Black Hills, the main goal is to help customers. Yes, we all want that! Moreover, Black Hills Information Security provides customers with precise solutions.
So, let’s dive into the testing and services they offer. And perhaps, you’ll find some spark to get in touch with them.
External Penetration Test
During this test, Black Hills InfoSec will do a vulnerability scan. Yes, they’ll scan your company’s externally facing (public) systems.
Then, they’ll manually check issues.
Internal Penetration Test
Next, this test involves port and vulnerability scans. Also, the service includes testing computers, databases, and devices. Well, another thing is testing all networking equipment on in-scope networks.
Then, they’ll conduct a validation phase. For what? Well, to weed out false results. Yes, to verify the scan results.
Furthermore, they’ll include results labeled as “Low” or “Informational”. They’ll also probe the in-scope networks manually, thus ensuring more security.
Pivot (Assumed Compromised) Test
This test starts as a least-privileged user. From there, it attempts to gain access to other systems and to sensitive information.
It also attempts to escalate privileges on the network and pivot to other areas of the network. The test starts with a normal user credential to seek possible threats from least-privileged users.
In the long run, your company will know the “unknown unknowns”. As a result, you’ll understand the risks and raise the bar correctly.
Web Application Penetration Test
This test revolves around web applications. Black Hills Information Security will perform an in-depth assessment of web applications, thus ensuring that vulnerabilities are discovered.
Moreover, the process uses both manual and automated inspection.
Command And Control & Data Exfiltration Assessment
A C2 assessment is a test of your organization’s ability against threats:
- How will your company detect and prevent various malware?
- Also, how will you block incoming malware that is sent via email?
- Then, how will you stop sensitive data from leaving your company’s network?
In a red team engagement, testers try to model a threat actor. So, there’s a team attempting to get into your security.
Because it is a test, only a few people in the company know about it.
Also, since testers try to fly under the radar of target security teams, red team engagements take more time and effort.
Moreover, red team engagements need attacks made for each specific engagement.
So, Black Hills Information Security recommends that only specific organizations partake in the test. Only if they have had regular vulnerability assessments and penetration tests in the past should they be allowed.
Mobile Application Assessment
This assessment studies the security surrounding mobile applications. Yes, this means the apps that the business and customers use.
Moreover, it includes evaluating application-level vulnerabilities. It also covers matters dealing with API calls made to your servers.
A Wireless Penetration Test involves:
- Mapping your company’s wireless footprint.
- Finding rogue access points.
- Assessing the overall security of the wireless systems that are in place.