Penetration Test / Red Team
Synacktiv assesses the overall security of your organization through real-world testing
These so-called "Red Team" assessments rely on an in-depth knowledge of existing technologies, combined with a high degree of stealth. To increase the credibility of these tests, the SOC and the administration teams are often voluntarily kept in the dark.
We also offer penetration testing assessments on more narrow scopes (internal network, applications, embedded systems, etc.).
EXAMPLE OF COMPROMISE
- Compromise of a website exposed on the Internet via SQL injection
- Setup of a communication channel towards the remote internal network
- Compromise of a workstation and retrieval of authentication secrets (also possible via spear-phishing)
- Compromise of an administration workstation
- Bounce on the industrial network via this administration station
Tools
Oursin , Disconet, Leakozorus, Kraqozorus, BurpSuite, nmap, recon-ng, impacket, pypykatz, ssf, scripting Python/Bash/PowerShell
Latest articles
What could go wrong when MySQL strict SQL mode is off?
This article shows some examples of attacks that can abuse MySQL behavior when the strict SQL mode is disabled, especially when string characters are invalid in the current encoding. This happens when
...
The Phantom Extension: Backdooring chrome through uncharted pathways
The increasing hardening of traditional Windows components such as LSASS has pushed attackers to explore alternative entry points. Among these, web browsers have emerged as highly valuable targets sin
...
Dissecting DCOM part 1
This is the first article on the "Dissecting DCOM" series. This article aims at giving an introduction to the base principles of COM and DCOM protocols as well as a detailed network analysis of DCOM.
...
Contact us
Do not hesitate to contact us to tell us about your needs. Our sales team is at your disposal to answer all your questions.
Team leader
Julien Legras
Business Contacts
