Step 1 – Reconnaissance
Our Penetration Testers begin with comprehensive reconnaissance and intelligence gathering. Detailed information is gathered about systems, business processes, information flows and the technology that supports business operations.
Step 2 – Prioritisation and Planning
Armed with essential information about the existing systems, our Penetration Testing team will prioritise the most likely threats your organisation faces. A testing framework that minimises any disruptions to your operations is developed in consultation. Briefings are provided at every step of the Penetration Testing journey to ensure the engagement runs smoothly and delivers the outcomes needed.
Step 3 – Exploitation
CyberCX combines advanced automated technologies with specialist manual techniques that have been honed over years of experience. This ensures accurate identification of exploits and detection of the most obscure vulnerabilities.
Members of our Penetration Testing team are highly trained and qualified, with certifications including CREST, CISSP, OSCP and many more.
CyberCX follows Penetration Testing standards including:
- CREST – Leading International Penetration Testing Standard
- The Open Web Application Security Project (OWASP)
- The National Institute of Standards and Technology (NIST)
- Open Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing and Execution Standard (PTES)
- Australian Government Security Policies and Guidelines
Step 4 – Reporting and Remediation
At the conclusion of any Penetration Testing engagement, a comprehensive report will be delivered that is appropriate for both executives and your internal Security / IT teams.
Reports detail all uncovered vulnerabilities and exploits. Findings are prioritised according to risk level, providing a clear, actionable list of remediation recommendations to harden your security posture.
Remediation activities include detailed instructions and screenshots, enabling the internal security teams to replicate the exploits, obtain visual perspectives of the vulnerabilities, and understand the nature and criticality of the risks.
CyberCX can also conduct post-exploitation debriefing sessions. These sessions can provide:
a) Technical debriefing for system administrators and engineers to transfer knowledge of the lessons learned during the Penetration Test;
b) Executive debriefing for management to provide the information needed to determine appropriate risk management strategies for your organisation.