
Offensive Security Experts

Customizable solutions to educate clients, identify security risks, inform intelligent business decisions, and enable you to reduce your attack surface digitally, physically and socially.

Red Teaming®

A multi-layered attack simulation designed to measure how well a company’s people and networks, applications, and physical security controls can withstand an attack from an adversary.

Penetration Testing

Inspects your network, application, device, and physical security through the eyes of BOTH a malicious actor and an experienced cybersecurity expert.

Social Engineering

Commonly known as “people hacking,” we aim to identify vulnerabilities by accessing a system, device, or physical premises.

Is Your Company Compliant?

RedTeam Security are the experts in helping you meet your industry’s security compliance standards, from banking to healthcare, retail and beyond.

PCI Penetration Testing

NERC CIP Compliance

HIPAA Penetration Testing

FDIC Penetration Testing

Cryptocurrency Compliance

Network Penetration Testing Methodology

Each and every network penetration test is conducted consistently using globally accepted and industry-standard frameworks. At a minimum, the underlying framework is based on the Penetration Testing Execution Standard (PTES) but goes beyond the initial framework itself.


Network Penetration Testing Steps

Intelligence Gathering

The information-gathering phase of our network pentesting methodology consists of service enumeration, network mapping, banner reconnaissance and more. Host and service discovery efforts result in a compiled list of all accessible systems and their respective services with the goal of obtaining as much information about the systems as possible.

Host and service discovery includes initial domain footprinting, live host detection, service enumeration, and operating system and application fingerprinting. The purpose of this step is to collectively map the in-scope environment and prepare for threat identification.

Threat Modeling

With the information collected from the previous step, security testing transitions to identifying vulnerabilities within systems. This begins with automated scans but quickly develops into deep-dive manual testing techniques. During the threat-modeling step, assets are identified and categorized into threat categories. These may involve sensitive documents, trade secrets, and financial information, but more commonly consist of technical information found during the previous phase.

Vulnerability Analysis

The vulnerability analysis phase involves the documentation and analysis of vulnerabilities discovered as a result of the previous network pen testing steps. This includes the analysis of output from the various security tools and manual testing techniques. At this point, a list of attractive vulnerabilities, suspicious services, and items worth researching further has been created and weighted for further analysis. In essence, the plan of attack is developed here.

Exploitation

Unlike a vulnerability assessment, a network penetration test goes quite a bit further, specifically by way of exploitation. Exploitation involves actually carrying out the vulnerability’s exploit (e.g., a buffer overflow) to confirm whether the vulnerability is truly exploitable. During a RedTeam Security network penetration test, this phase consists of employing heavy manual testing tactics and is often quite time-intensive.

Exploitation may include but is not limited to: buffer overflow, SQL injection, OS commanding and more.

Learn About The Differences Between A Vulnerability Assessment And A Penetration Test.

Reporting

The reporting step is intended to deliver, rank and prioritize findings and generate a clear and actionable report, complete with evidence, to the project stakeholders. The presentation of findings can occur via Webex or in person, whichever format is most conducive for communicating results. At RedTeam Security, we consider this phase to be the most important and we take great care to ensure we’ve communicated the value of our service and findings thoroughly.

RedTeam Security – Here When You Need Us

We consider the reporting phase to mark the beginning of our relationship. RedTeam strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverable. We provide clients with an online remediation knowledge base, dedicated remediation staff, and ticketing system to close the ever-important gap in the remediation process following the reporting phase. Again, the underlying framework is based on the Penetration Testing Execution Standard (PTES) but RedTeam Security exceeds those standards.

We exist to not only find vulnerabilities but also to help you take steps to fix them.

Services Datasheet

Learn more about RedTeam Security's advanced Application, Network and Physical Penetration Testing, Social Engineering and Red Teaming services.


Featured On

National TV news and media outlets often consult with us for our expertise as a boutique, high-touch ethical hacking firm highly trained in a narrow field of cyber security.