As Ethical hackers we engage in sanctioned hacking with permission from system owner. We perform penetration testing for companies in Toronto Ontario and remotely anywhere in North America by hacking the system just like hacker would do but for benign purpose. We take on the role and use the mind-set and skills of an attacker to simulate a malicious attack. We understand both sides the good and a bad and we use this knowledge to help our clients to secure there systems.
We must have explicit permission in writing from the company being tested prior to starting any activity. Legally, the persons who must approve this activity must be the owner of the company or there authorized representative. If the scope changes we must update the contract to reflect this changes before performing new tasks.
- We will use exactly same strategies as malicious attacker.
- We will clearly define rules of engagement prior to beginning assigned job.
- We will never reveal any information pertaining our clients to anyone but the client.
- If the client requests penetration tests stooped, we will do so immediately.
- We will provide detailed report on our findings at the end of testing.
- We will work with the client to address all security issues related to our findings.
We can perform tree types of pen tests
We provided little or no knowledge of the target
We provided some limited information on the target
We have all information about the target
Our typical hacking process for black box pen tests includes but not limited to
- System hacking
- Escalation of privilege
Please consider following questions prior requesting our help with pen tests
- Why do you need pen test
- What will be the constrains or rules of engagement for the tests
- What data and services will be included as part of the test
- Who is the data owner
- Who will be the emergency contact
What condition will determine the success of the test
- Will test be performed as Black, White or Gray hat
- Will internal users be notified
When will the tests be performed
What action will be allowed as part of the test
- What resources will be made available
- What are the expected cast
- What is the budget
- What will be done with results when presented
- What results are expected at conclusion of the test