Penetration testing is a multi-pronged attack on a target. It often involves hacking, social engineering/pretexting, lockpicking, and other forms of trickery to get the information needed. Many times a hacker will profile your company for weeks or months before executing the final hack using a “leapfrogging” technique. They might start out by checking your social media presence, then finding the names and contact numbers of your personnel. From that information alone they can find out who’s in charge, when the staff is most likely to be out of the building, and derive who is likely the most vulnerable employee. From this point, the options are almost limitless against an untrained staff as an attacker can take their time. If they determine your IT department is exceptionally weak, they might just run a few exploits and take over your server, or they might determine that your staff is your biggest weakness and use them to get access to your servers, either via the network or actual physical access.
We utilize all tools available to us above to test the security of your establishment, and we offer training for those wanting to get into penetration testing. We teach everything from network security to lockpicking to social engineering, and we do it in an “ethics free” environment. That means that we don’t hold back what we teach so that you aren’t being taught a watered down version. We believe it is up to the individual to choose what they are going to do with the information they are taught. If you are only taught the “good” things then what will happen when you find yourself up against someone who knows “the dark side” of penetration testing? You’re going to fail, miserably.