This phase executed comprehensive discovery and enumeration procedures targeting pertinent internal address ranges identified for the assessment. This effort identified assets, listening services and applications providing a footprint of your internal network. Additionally, we seek to understand your network design to unmask with you additional areas that may need to be reviewed to ensure a thorough IT assessment
of your internal network security infrastructure (e.g. IP addresses for split-tunnel connections etc.)
Based on the assets in scope as dictated by you, Elevate reviews the following:
– Servers – Elevate performs detailed vulnerability discovery and scanning using a comprehensive suite of commercial and open source tools targeting server-based systems.
– Workstations – In addition to the comprehensive security testing executed on the server based systems in the environment, this phase executed thorough vulnerability scanning, confirmation and manual testing techniques targeting a representative sampling or entire population as requested by you.
– IP Enabled Devices – In addition to the server and workstation testing, if requested Elevate will perform the vulnerability scanning across additional IP-enabled devices (e.g. printers, phones, cameras, network device management) within the address ranges specified.
Identified vulnerabilities are reviewed and validated internally and with you in an effort to eliminate false positives. Manual testing procedures are also executed to identify flaws not easily identifiable with automated tools and coordinated and controlled exploitation of targeted issues were performed to demonstrate impact and allow for further vulnerability exploitation exercises.
It is during this phase, that Elevate summarizes and provide concise and meaningful information to be shared with Executives and a separate report to technical staff.