Active Directory Security Services

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vel nulla sapien. Class aptent tacitiaptent taciti sociosqu ad lit himenaeos. Suspendisse massa urna, luctus ut vestibulum necs et, vulputate quis urna. Donec at commodo erat. Sed egestas consequat augue eu iaculis. Donec elementum pellentesque. Sed gravida, nisl ac lobortis pulvinar, augue est vulputate felis, vel pulvinar ex eros sed est. In hac habitasse platea dicssa. Duis sodales eleifend sem, nonsi semper dui consectetur on roin leoi.

Tempus eget urna id, maximus commodo odio. Lorem ipsum dolor sit amet, consectetur elits sadips. Praesent alis lacus. Nunc at vulputate justo

Why Do You Need a Network Penetration Test?

A network penetration test provides your organization with a unique birds-eye view of your security system’s effectiveness. Newer companies may not yet have a handle on their network security. Conversely, more mature companies often have large, multi-faceted networks that easily overlooked elements—particularly as more organizations move to cloud-based systems. Both of these scenarios leave the potential for catastrophic breaches.

In either case, you will be made aware of security flaws before attackers can exploit them. With this powerful foresight, business leaders will feel prepared to make informed decisions about their enterprise’s security. In demonstrating your newly hardened security posture, your clients, partners, and investors will feel confident in your ability to protect their assets, as well.

Our Services

Your perimeter network is attacked every day and even small external vulnerabilities can be damaging. External network penetration testing identifies vulnerabilities on infrastructure devices and servers accessible from the internet.

External penetration testing assesses the security posture of the routers, firewalls, Intrusion Detection Systems (IDS) and other security appliances which filter malicious traffic from the internet.

White Knight Labs engineers approach the local area network as an attacker on the inside. We look for privileged company information and other sensitive asset s. This involves incorporating a variety of tools, uncovering user credentials, and attempting to compromise both virtual and physical machines present in the network environment.

The benefit of this engagement is in ensuring a breach of your external network will not result in a breach of your assets.

Wireless Network Pentesting

Wireless (WiFi) networks may be susceptible to a myriad of attacks, depending on the wireless clients, access points, and wireless configurations. New exploitations against WiFi networks are being developed every day, such as the recent KRACK vulnerability which allowed malicious actors to break the encryption protocol between most routers and connected devices.

Wifi is a hotly pursued target, as a compromise of the wireless network is generally the fastest means to the internal network. Poor configuration and weak protections could leave your internal information exposed to anyone in range with a laptop or smartphone. As such, White knight tests the range of the network in addition to the range of potential vulnerabilities. This includes testing for ‘Wireless Bleeding,’ where we identify the distance at which a potential attacker can pick up your wireless signal.

Our Network Pentest Methodology

White Knight Labs excels at operating under a structured, repeatable methodology. We stress this concept in every engagement to ensure our findings are reliable, reproduceable, and of excellent quality. As such, our vulnerability assessments can always be verified by your team, both before and after remediation. To get these results, we adhere to the following steps:

1 – Network Scope

Effective communication with the client organization is emphasized here to create an operating environment comfortable to both parties. During this phase, we accomplish all of the following:

Outline which assets of the organization are open to be scanned and tested.
Discuss exclusions from the assessment, such as specific IP addresses or services.
Confirm the official testing period and timezones, if relevant

2 – Information Gathering

White Knight Labs ’ pentester collect as much information as they can on the target, employing a myriad of OSINT (Open Source Intelligence) tools and techniques. The gathered data will help us to understand the operating conditions of the organization, which allows us to assess risk accurately as the engagement progresses. Targeted intelligence might include:

External network IP Addresses and Hosting Providers
Known credential leaks
Domains in use by the organization
Misconfigured web-servers and leaked data
IoT systems in use by the organization

3 – Enumeration and Vulnerability Scanning

In this phase, we utilize a variety of automated tools and scripts among other methods of advanced information gathering. We also take the time to closely examine all possible attack vectors. In the next stage, this gathering and planning will be the basis for our exploitation attempts.

Enumerating subdomains and directories
Open ports or services
Checking possible misconfigurations against cloud services
Correlating publicly and proprietary vulnerabilities with applications on the network

4 – Attack and Penetration

After careful preparation, focus turns to exploiting the discovered network vulnerabilities. Rhino engineers begin working to prove the existence of conceptual attack vectors while preserving the integrity of the network. At this point in the engagement, we begin the following tasks:

Compromising sandboxes and test environments
Using breached credentials or brute force to access privileged information
Combining attack vectors to pivot across the network or escalate our position in it