Digital4nx Group's security team will attempt to compromise the Client's designated network by employing the following methodology:
RECONNAISSANCE – The Security Team will gather evidence and information on the target of the attack, using both active and passive techniques, in attempt to find material being made available that could lead to a security threat. During this phase an attempt is made to determine how much information is available on the Client's organization.
SCANNING & ENUMERATION – Following the Reconnaissance stage, the Security Team will run a variety of information gathering tools in order to enumerate computers and devices that the team may be able to access.
SOCIAL ENGINEERING AND PHISHING – Digital4nx may attempt to use minimally disruptive social engineering techniques, including sending phishing emails.
VULNERABILITY MAPPING AND PENETRATION – The Security Team will look for vulnerabilities in enumerated computers and devices and attempt to exploit them. If successfully penetrated, the team will attempt to escalate privileges and gain further access into the network, including the points at which sensitive data can be accessed.
FINAL PENETRATION TEST REPORT – Throughout the penetration test, the Security Team will document and record the exercise. The Security Team will provide a report of the penetration test which will include all vulnerabilities discovered, what data was obtained from the network, and the actions that need to be taken to ensure security issues are resolved. The report will be strictly confidential.