Ever wondered if a skilled hacker can break into your website, infrastructure, business application, wireless (guest) network, mobile device, etc? I can give you that insight by mimicking a hacker in what is called an ethical hack or penetration test. I believe a penetration test is far from a scan with standard scanning tools. Every test is a custom job.
After we agree on what the exact components are in scope, I will test how effective the IT security measures are. Once weaknesses are identified these are exploited in a controlled manner in order to identify the technical and the business impact.
I believe the actual testing is only part of the job. An equal important part is you understanding and knowing the way forward. In my reporting I find it important you not only receive the identified findings, but also receive a quality management summary of the findings and their impact, along with main recommendations.
Where the goal of a penetration test is to test the security of a strictly defined IT scope, the goal of red teaming is to test your organisation's resilience to real world attacks; attacks that include techniques and objects you might not even have thought about.
A red team may combine many different types of attacks (e.g. social engineering, physical security testing, malware dropping, etc.), spreads out their attacks over a longer period of time, builds custom tools and may include the use of exploits not publicly known, strives to stay hidden for a longer period of time, gains multiple ways of persistent access and exfiltrates data.
We believe an equally important step of red teaming is after the attack when we present the results. We believe in extensive sharing and presenting of all steps and details with your defensive team. Only this way we can maximise the learning effect.
As red teaming requires many different hacking skills in order to be most effective, Linq42 teams with other professional hackers that add to the total skill set of the red team. All team members will be known to you before the start of the engagement.
Sometimes you just want an expert's advice on an IT security topic you are battling. Maybe you are developing a product and want an external view on it's security setup. Maybe you want advice on your cyber security strategy. Perhaps you want an assessment of the risks associated with the use of a certain application within your IT environment. Or maybe your team requires in-depth IT security training or security awareness so they better understand how to build better defences.
What I find important in my advisory services is that I'm independent, skilled and tailored to your needs. Wether you need a second opinion, a risk assessment, or support in an ongoing project, contact me to see if I can be of help.
An IT audit is a thorough assessment of both technical configurations as well as administrative processes and governance of a given object. If you require such an assessment there are many IT auditors that can help you with this. Unfortunately many lack the technical expertise to perform an in-depth assessment. That's why I focus on IT audits of technical systems and components while keeping in line with official guidelines and regulations from certification bodies. Im qualified to perform these audits as Im a registered IT auditor (RE) and CISA certified.
To give you a better idea of my experience I've provided a short selection of some of the engagements performed in the last few years: