Detection Services
Offensive security: hacking, web petesting and red team services.
Find your weaknesses
Through our Offensive Security services you will be able to analyze and evaluate your company's cyber defense capabilities. Discover how your security plan performs against a team of advanced adversaries taking action, and learn how to effectively protect your critical assets and operations.
Find your vulnerabilities through Ethical Hacking
-
Find security flaws and configuration errors before your adversaries do.
-
Upgrade your defenses to be able to face the latest Tactics, Techniques and Procedures used by advanced malicious actors in their attacks.
-
Ensure that the security team maintains the appropriate level of alert to ensure maximum protection.
Methodology
- We simulate the malicious behavior of real adversaries, emulating the Tactics, Techniques and Procedures (TTP) used in real attack scenarios, without putting your organization or its operations at risk.
- We demonstrate the business impact that a real attack could cause to the company, giving visibility on potential attack vectors and objectives.
- We detect information and critical assets at risk.
- We locate the vulnerabilities present in your environment, helping to identify the company's risk levels, and proposing valid mitigation mechanisms in the context of your company and its operations.
Phases of a service
-
1
In an initial meeting we analyze your needs and requirements to adapt to the project.
-
2
We plan the exercise or campaign based on these needs in a Kick Off meeting.
-
3
We execute the exercise following the guidelines, standards and procedures defined previously.
-
4
We deliver reports with an executive summary, technical explanations and resolution details.
-
5
The project ends with a high-level presentation of the results obtained to all interested parties.
Detection Services
Red Team
We evaluate the detection and response capacity of your organization, analyzing the technological level, your processes and the people involved in them.
Internal and external pentesting
We detect risks on the attack surface exposed to the Internet and on the internal surface of your company.
Social engineering
We simulate phishing and spear phishing attacks to evaluate the capabilities of your employees.
Hacking over wireless networks (WiFi)
We technically audit the cybersecurity failures of your wireless networks.
Web security audit
We perform pentests on your applications and web services following the OWASP methodology.
Mobile App Security Audit
We evaluate the vulnerabilities of your mobile APPs following the OWASP Mobile methodology.
IIoT security audit
We perform pentests on your ICS infrastructure to evaluate its resilience against external and internal attacks.
Cloud infrastructure security audit
We analyze the specific security risks of your Cloud environments, regardless of the type of service (IaaS, Paas or SaaS) or cloud (AWS, Azure, etc.).
Source code audit
We audit the security of the source code of your applications through automatic and manual analysis, proposing improvements that solve possible vulnerabilities.
Active Directory Audit
We evaluate the security of your Active Directory, including the analysis of your domain accounts, your security policies, configurations and monitoring of good practices (Sysvol, Laps, Krbtgt, etc.)
Reverse engineering and hardware hacking
We review potential cybersecurity failures by reverse engineering your applications and hardware assets.
Hacking banking systems
We evaluate the cybersecurity of your devices and banking systems such as ATMs, POS terminals or payment gateways.
Ransomware simulation
We emulate the behavior of ransomware actors to evaluate your company's ability to overcome these types of threats.
Denial of Service (DoS) Testing
We simulate DoS and DDoS attacks using the same techniques and tools used by cybercrime to verify the resilience of your assets.