Assume breach. Simulate genuine insider threats and scenarios like an employee accidentally clicking on that free gift card link. In ~80% of our engagements in 2024 (so far) we've uncovered vulnerabilities that allowed us to go from just network access to Domain Admin.
T-14 days
Our scoping process begins with a detailed consultation to understand your unique business requirements. We identify critical assets and potential threat vectors to tailor a penetration testing plan that aligns with your security goals.
T-7 days
Our remote testing probes allow us to conduct internal network penetration tests from afar without the need for old-school site visits. Once the device is connected to your network, it automatically dials back to our testing infrastructure with no configuration required on your part.
This approach not only minimises disruption by allowing for out-of-hours testing activities but also reduces costs!
Testing starts! Our certified penetration testers manually search for vulnerabilities to uncover complex attack chains used by advanced threat actors.
Should any critical vulnerabilities be discovered, we communicate these immediately to ensure swift mitigation.
T+14 days
Upon completion of the testing phase, we deliver a detailed report that outlines all identified vulnerabilities, accompanied by options for remediation.
A key part of our service is the debrief call, where we walk through the report together. This ensures that all findings are fully understood and that the necessary steps for remediation are clearly communicated.
Discover vulnerabilities within the network that may not be visible from the outside. Ensure that the old cupboard PC hasn't been overlooked in your vulnerability management processes.
Identify discrepancies between your policy documentation and actual practices, and ensure that security measures are enforceable and effective in real-world scenarios.
Gain visibility of the potential damage a malicious insider could cause, particularly by identifying employees with excessive access privileges.
Close your organisation's detection gaps. Internal network penetration testing provides an opportunity to test and refine your monitoring and alerting systems against realistic attacker activity.
Manual assessment forms the bulk of our penetration testing engagements: at least until our AI overlords replace us.
Project Black's high-level approach to assessing networks is adapted from NIST SP 800-115 and Chris McNab's "Network Security Assessment". The methodology aims to add structure to penetration testing engagements such that weaknesses are consistently discovered across various environments.
Four key phases of testing are highlighted below:
Assessing Network Services
This stage involves a thorough review and validation of network services: identifying open ports and running services, enumerating their versions, and matching them to known vulnerabilities for which publicly available exploit code exists.
Assessing Misconfigurations
In this step, we examine network and system configurations to uncover insecure settings that could be exploited by attackers. This can include verifying security protocols, authentication/authorisation mechanisms, and various software configurations.
Active Directory Evaluation
The Active Directory assessment looks for vulnerable configurations, such as unconstrained delegation and overly permissive object DACLs, that could provide a path to escalate privileges to Domain Admin.
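As an added illustration of the checks this phase covers, written from the defender's side and not taken from Project Black's tooling, the PowerShell below lists accounts flagged for unconstrained delegation and the non-default principals holding write control over the Domain Admins group. It assumes the RSAT ActiveDirectory module on a domain-joined host and an account that can read the directory; the list of "expected" principals in the DACL check is an assumption that should be adjusted to your environment.

```powershell
# Added audit example (not Project Black's tooling). Assumes the RSAT
# ActiveDirectory module is installed and the session can read the directory.
Import-Module ActiveDirectory

# 1. Unconstrained delegation: userAccountControl bit 0x80000 (524288).
#    Domain controllers legitimately carry this flag, so they are excluded.
$dcHosts = (Get-ADDomainController -Filter *).HostName
$unconstrainedComputers = Get-ADComputer `
    -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=524288)' `
    -Properties OperatingSystem, DNSHostName |
    Where-Object { $dcHosts -notcontains $_.DNSHostName } |
    Select-Object Name, DNSHostName, OperatingSystem

$unconstrainedUsers = Get-ADUser `
    -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=524288)' `
    -Properties Enabled |
    Select-Object SamAccountName, Enabled

# 2. DACL review on a high-value object: which principals, beyond the ones
#    you expect, hold rights that allow control of the Domain Admins group?
#    The expected-principal pattern is an assumption; tune it per domain.
$expectedPrincipals = '^(NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators|.*\\Domain Admins|.*\\Enterprise Admins)$'
$daDn = (Get-ADGroup 'Domain Admins').DistinguishedName
$riskyAces = (Get-Acl -Path "AD:\$daDn").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights -match 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty' -and
    $_.IdentityReference.Value -notmatch $expectedPrincipals
} | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited

# 3. Report for triage.
"Computers with unconstrained delegation (excluding DCs): $($unconstrainedComputers.Count)"
$unconstrainedComputers | Format-Table -AutoSize
"Users with unconstrained delegation: $($unconstrainedUsers.Count)"
$unconstrainedUsers | Format-Table -AutoSize
"Non-default principals with write control over Domain Admins: $($riskyAces.Count)"
$riskyAces | Format-Table -AutoSize
```

Treat the output as a review list rather than a verdict: some entries (for example ACEs inherited from AdminSDHolder or granted to mail or backup service groups) may be intentional, and the value of the check is in confirming that each one is known, documented and still needed.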
Identifying Opportunities for Vulnerability Chaining
Chaining the exploitation of several vulnerabilities together can produce a far greater impact than exploiting any single finding on its own, so we look specifically for such combinations.
Project Black maintains an extensive repository of internally developed TTPs (Tactics, Techniques, and Procedures) while also drawing upon the wealth of open-source knowledge contributed by the global hacking community.
Simply fill out and submit the form, and we'll provide you with a quote within hours - unless you fill it in at 3am!