Security Testing Services

It is vital to discover unmitigated/undetected attack vectors and remedy them before an adversary does. PEN Consultants can help you do just that! By mimicking the actions of a hacker, we can uncover potential attack vectors (vulnerabilities, misconfigurations, detection gaps, etc.) that would greatly damage your organization by compromising your data. But, unlike a hacker, we will perform the attacks with great care so that we maintain confidentiality/integrity/availability of your data and systems, and we will follow up with an actionable plan for you to protect yourself.

Although there is no magic bullet, and you’ll never achieve “100% secure”, the benefits of having ongoing security testing performed are significant. To read more about these benefits, Google: “benefits of red teaming”.

Our Services

PEN Consultants offers traditional Vulnerability Scanning, Penetration Testing, and Red Teaming services. In addition to our core services, we also offer customized services, the exact blend of which is driven by the unique needs of each of our clients. For example, some clients want an exclusive deep-dive web application test, while others want a broad “everything is fair game” engagement. Others bring us in to simply test their incident response team, perform phishing evaluations, or lead lunch-and-learn trainings. We will tailor the engagement to your organization’s specific needs, which will be based on your risk concerns.

For more information, see our services details and pricing page.

Which Service Is Right For Me?

What is the difference between “Vulnerability Scanning”, “Vulnerability Assessments”, “Penetration Testing”, and “Red Teaming”? What do they mean? Which one do you need performed on your systems? For a detailed look at this topic, and to make an informed decision about which testing best meets your organization’s needs, check out this blog post: Red Teaming vs Penetration Testing vs Vulnerability Scanning vs Vulnerability Assessments

Reach out to us at any time and let PEN Consultants help you determine your needs based on the risks in your industry and which services may be beneficial. Contact Us now for a free, no-obligation consultation!

Testing Techniques

Example testing techniques and services performed during a given engagement [10]:

  • Physical access attacks (network/wiring closets, offices, computers, etc.) [20]
  • Wireless attacks (rogue APs, inadequate encryption, brute-forcing keys, circumventing RADIUS authentication, etc.)
  • Network attacks (routers, switches, firewalls, etc.)
  • Enumerate all network attached devices (discovery and port/services enumeration)
  • Social engineering (phishing, dumpster diving, tailgating, masquerading, etc.)
  • Endpoint / IoT attacks (computers, servers, PEDs, projectors, TVs, disc players, etc.)
  • Unpatched vulnerabilities (scans, CVE checks, etc.)
  • Application attacks (CVEs, binary patching/trojanizing, etc.) [30]
  • Network service attacks (web, email, FTP, SSH, DNS, etc.)
  • Website attacks (Injection, authentication bypass, XSS, CSRF, SQLi, etc.)
  • 3rd party “cloud” providers (HR services, email/web service, etc.) [40]
  • Suite of industry standard “eval” tools (Nessus, OpenVAS, etc.)
  • Suite of “hacker” tools (PSEmpire, Metasploit, etc.)
  • Misconfigurations and logic flaws
  • In-depth manual analysis
  • Cursory network/host forensics (has it already been exploited?)
  • Individual technique testing: phishing exercise(s), threat emulation (ex. Mitre ATT&CK technique(s)), port|vuln scan(s), etc.
  • Training: lunch-and-learns/brown-bags, in-depth skills training, CTFs, tabletop exercises, etc.
  • Consulting: via email, phone, Slack, on-site, video conference, etc. with a defined cadence or on an ad hoc/as-needed basis
  • SOC staff augmentation: writing new detections, reviewing and testing existing detections, product evaluation/bakeoff, etc.
  • And so much more

By hiring PEN Consultants to mimic the actions of a hacker, you can be confident knowing your organization has Rock Solid Security.

10: The list is not all-inclusive and in no way guarantees all these attacks/tests will be performed. Examples: (ex. 1) It would be rare to have a physical access attack component with an application security testing engagement. (ex. 2) We would most likely avoid all “noisy” automated scanning/eval tools during a stealthy Red Teaming engagement. (ex. 3) Only a Red Teaming engagement or social engineering assessment would include social engineering.

20: Physical attacks will not be possible with remote-only testing. Social engineering will be limited to remote-only (via phone, email, etc.). Wireless attacks would not be possible, etc.

30: Application attacks in general pentesting/red teaming engagements are limited to looking for known vulnerabilities and testing common attack vectors against applications. To fully evaluate an application(s), the separate Application Testing Service is required.

40: Although 3rd party vulnerabilities are discovered in nearly every security testing engagement, in most cases this is the most limited area of testing, and you may only be given limited details about the discovery. This is because we may or may not obtain the third party’s permission for testing (ex. bug bounty), and we have an obligation to withhold disclosure of any discovered vulnerabilities for a period of time to allow for a “patch”. With that said, we are usually able to “manually” evaluate most 3rd party service providers’ services and work directly with the provider to responsibly disclose the vulnerability and track it until mitigated. In the end, you are more secure, as are their other customers. We typically get approval to release at least some of the details, if not all, to our clients.

50: Quarterly engagements require an initial full-scope engagement.

60: Hourly pricing is based on the 12-month average published rate for a Subject Matter Expert – Level III. Total Red Teaming service cost calculated at the same number of labor-hours as listed above.


© PEN Consultants, LLC 2013 -