Penetration Test / Red Team
Synacktiv assesses the overall security of your organization through real-world testing
These so-called "Red Team" assessments rely on an in-depth knowledge of existing technologies, combined with a high degree of stealth. To increase the credibility of these tests, the SOC and the administration teams are often voluntarily kept in the dark.
We also offer penetration testing assessments on more narrow scopes (internal network, applications, embedded systems, etc.).
EXAMPLE OF COMPROMISE
- Compromise of a website exposed on the Internet via SQL injection
- Setup of a communication channel towards the remote internal network
- Compromise of a workstation and retrieval of authentication secrets (also possible via spear-phishing)
- Compromise of an administration workstation
- Bounce on the industrial network via this administration station
Tools
Oursin , Disconet, Leakozorus, Kraqozorus, BurpSuite, nmap, recon-ng, impacket, pypykatz, ssf, scripting Python/Bash/PowerShell
Latest articles
Site Unseen: Enumerating and Attacking Active Directory Sites
Active Directory Sites are a feature allowing to optimize network performance and bandwidth usage in AD internal environments. They are commonly implemented by large, geographically dispersed organiza
...
What could go wrong when MySQL strict SQL mode is off?
This article shows some examples of attacks that can abuse MySQL behavior when the strict SQL mode is disabled, especially when string characters are invalid in the current encoding. This happens when
...
The Phantom Extension: Backdooring chrome through uncharted pathways
The increasing hardening of traditional Windows components such as LSASS has pushed attackers to explore alternative entry points. Among these, web browsers have emerged as highly valuable targets sin
...
Contact us
Do not hesitate to contact us to tell us about your needs. Our sales team is at your disposal to answer all your questions.
Team leader
Julien Legras
Business Contacts
