Linux and Open Source Pentests and vulnerability assessments.


Linux and Open Source Pentests and vulnerability assessments.

As Ethical hackers we engage in sanctioned hacking with permission from system owner. We perform penetration testing for companies in Toronto Ontario and remotely anywhere in North America by hacking the system just like hacker would do but for benign purpose. We take on the role and use the mind-set and skills of an attacker to simulate a malicious attack. We understand both sides the good and a bad and we use this knowledge to help our clients to secure there systems.

We must have explicit permission in writing from the company being tested prior to starting any activity. Legally, the persons who must approve this activity must be the owner of the company or there authorized representative. If the scope changes we must update the contract to reflect this changes before performing new tasks.

  • We will use exactly same strategies as malicious attacker.
  • We will clearly define rules of engagement prior to beginning assigned job.
  • We will never reveal any information pertaining our clients to anyone but the client.
  • If the client requests penetration tests stooped, we will do so immediately.
  • We will provide detailed report on our findings at the end of testing.
  • We will work with the client to address all security issues related to our findings.

We can perform tree types of pen tests

Black box We provided little or no knowledge of the target
Gray box We provided some limited information on the target
White box We have all information about the target

Our typical hacking process for black box pen tests includes but not limited to

  • Footprinting
  • Scanning
  • Enumeration
  • System hacking
  • Escalation of privilege

Please consider following questions prior requesting our help with pen tests

  • Why do you need pen test
  • What will be the constrains or rules of engagement for the tests
  • What data and services will be included as part of the test
  • Who is the data owner
  • Who will be the emergency contact
  • What condition will determine the success of the test
  • Will test be performed as Black, White or Gray hat
  • Will internal users be notified
  • When will the tests be performed
  • What action will be allowed as part of the test
  • What resources will be made available
  • What are the expected cast
  • What is the budget
  • What will be done with results when presented
  • What results are expected at conclusion of the test

About the author