Penetration testing activities aid organization to evaluate effectiveness of their cyber security controls through simulated real-world cyber attacks. Identifying and selecting applicable methodology is thought to be one of important activities in performing penetration test. Our experiences indicated that a structured and effective penetration test methodology supported by qualified personnels would usually deliver high quality output. Based on this consideration, we selected penetration test execution standard (PTES) methodology and a customized offensive threat modeling process as our approach.
Real-world persistent cyber attacks are commonly stealthy and sometimes occur outside of organizations normal operating hours. To closely simulate this scenario and allow our teams to work silently at any given time within the organizations network, Seclab.id has desiged small devices that automatically connect back to command and control systems. Through these devices, our teams could plan and launch series of attacks with minimum chance of being detected.