Penetration Test / Red Team
Synacktiv assesses the overall security of your organization through real-world testing
These so-called "Red Team" assessments rely on an in-depth knowledge of existing technologies, combined with a high degree of stealth. To increase the credibility of these tests, the SOC and the administration teams are often voluntarily kept in the dark.
We also offer penetration testing assessments on more narrow scopes (internal network, applications, embedded systems, etc.).
EXAMPLE OF COMPROMISE
- Compromise of a website exposed on the Internet via SQL injection
- Setup of a communication channel towards the remote internal network
- Compromise of a workstation and retrieval of authentication secrets (also possible via spear-phishing)
- Compromise of an administration workstation
- Bounce on the industrial network via this administration station
Tools
Oursin , Disconet, Leakozorus, Kraqozorus, BurpSuite, nmap, recon-ng, impacket, pypykatz, ssf, scripting Python/Bash/PowerShell
Latest articles
Dissecting DCOM part 1
This is the first article on the "Dissecting DCOM" series. This article aims at giving an introduction to the base principles of COM and DCOM protocols as well as a detailed network analysis of DCOM.
...
Should you trust your zero trust? Bypassing Zscaler posture checks
Zscaler is widely used to enforce zero trust principles by verifying device posture before granting access to internal resources. These checks are meant to provide an additional layer of security beyo
...
Laravel: APP_KEY leakage analysis
In November 2024, Mickaël Benassouli and I talked about vulnerability patterns based on Laravel encryption at Grehack. Although, each discovered vulnerability requires access to a Laravel secret:
...
Contact us
Do not hesitate to contact us to tell us about your needs. Our sales team is at your disposal to answer all your questions.
Team leader
Julien Legras
Business Contacts
