Penetration Testing

Kontex penetration tests simulate the actions of an external or an internal attacker that aims to breach the information security of an organisation. Our tests aim to discover if you have any vulnerabilities, where they lie and how to fix them. Using the latest tactics, techniques and procedures (TTPs) our highly qualified penetration testers expose gaps in security to critical systems and demonstrate how access could be achieved to exploit sensitive data. Our penetration test methodology covers mobile, wireless, infrastructure, web application and cloud and their unique security challenges.
Our highly qualified penetration testers expose gaps in security to critical systems
In preparation for the test we engage with clients to produce a scope which will outline the parameters for the test. Following a penetration test the client receives a comprehensive report that translates the vulnerabilities found into actual risks to the organisation. The report also includes recommendation and remediation advice. Following remediation we recommend a re-test is performed to test all areas fixed as a result of the remediation effort to confirm the risk levels can have been reduced.

Kontex scenario based simulations emulate threat actor’s attacks to evaluate how your cyber security strategy responds. If you already perform regular penetration tests and security reviews you are already doing the right activities to secure your organisation. Scenario based simulated attacks are the next level in security testing and mimic a real attack and your organisations detection and response capabilities.

In order to test the protection of the assets your organisation values most we will work with you to identify your key informational assets. We will devise a number of realistic attack scenarios each using these unique targets and the tactics, techniques and procedures (TTPs) of threat actors in your sector. We will monitor the detect and response capabilities of your internal security team. Following the simulation we will produce a business impact report that will outline the gaps in your organisations security defences and expose the real business risks you are susceptible to.

Kontex seek to provide regulatory testing for frameworks such as Threat Intelligence-based Ethical Red Teaming (TIBER-EU) which enables European and national authorities to work with financial infrastructures and institutions to put in place a programme to test and improve their resilience against sophisticated cyber-attacks.

TIBER-EU is a common framework that delivers a controlled, bespoke, intelligence led red team test of entities’ critical live production systems. Intelligence-led red team tests mimic the tactics, techniques and procedures (TTPs) of real-life threat actors who, on the basis of threat intelligence, are perceived as posing a genuine threat to entities. An intelligence-led red team test involves the use of a variety of techniques to simulate an attack on an entity’s critical functions (CFs) and underlying systems (i.e. its people, processes and technologies). It helps an entity to assess its protection, detection and response capabilities.

Social engineering is used in a variety of ways in modern day attacks to obtain sensitive and useful information to use against an organisation in an attack. Kontex social engineering service is designed to highlight gaps in an organisations physical access and security awareness controls. Our experienced consultants use a mixture of tactics and techniques to expose weaknesses you may not realise you have. We provide actionable remediation advise on how to reduce threat of malicious attackers and ultimately reduce the risk of employee related security breaches.