IronSky offers a range of penetration testing services ranging from internal assessments, external assessments and wireless assessments.
Our overarching methodology for all internal and external penetration testing is as follows:
During the reconnaissance phase the IronSky team will gather as much information from publicly available information mostly from online sources (Open-source intelligence (OSINT)). The IronSky team will analyse this information to identify sensitive information that can assist the team further
The team will scan the targets in scope to identify what open ports are available and if any have known vulnerabilities associated with them. During this phase a vulnerability scanner may be run if agreed upon
In this phase the team will attempt to exploit identified vulnerabilities and the team will ensure that all exploited vulnerabilities do not put any additional risk to the organisation by notifying the organisation point of contact
The team will assess what type of information they can obtain from the system and what other information they can use to gain access to other systems
Using the information obtained from the post exploitation phase the team will attempt to gain access to other in-scope system
The team will write a report containing all identified vulnerabilities and risks to the organisation and how to resolve them