External Penetration Testing
An external penetration test emulates the role of an attacker attempting to gain access to an internal network without internal resources or inside knowledge. A TCM Security engineer attempts to gather sensitive information through open-source intelligence (OSINT), including employee information, historical breached passwords, and more that can be leveraged against external systems to gain internal network access. The engineer also performs scanning and enumeration to identify potential vulnerabilities in hopes of exploitation.
Our Methodology
All external penetration testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
Planning
Discovery
Attack
Reporting
Thorough Testing
Activities performed during external penetration testing include, but are not limited to:
- Vulnerability scanning and exploitation
- Social media intelligence gathering
- Username and account enumeration
- Breached credential intelligence gathering
- Service, port, and website enumeration
- Enumerating third parties for data leaks (S3 Buckets, GitHub, etc.)
- Attacking login portals (Website, O365, VPN, etc.)
- Multi-Factor Authentication (MFA) bypassing
- Other testing depending on specific customer content and footprint
Thorough Testing
Activities performed during external penetration testing include, but are not limited to:
- Vulnerability scanning and exploitation
- Social media intelligence gathering
- Username and account enumeration
- Breached credential intelligence gathering
- Service, port, and website enumeration
- Enumerating third parties for data leaks (S3 Buckets, GitHub, etc.)
- Attacking login portals (Website, O365, VPN, etc.)
- Multi-Factor Authentication (MFA) bypassing
- Other testing depending on specific customer content and footprint
Thorough Testing
Activities performed during external penetration testing include, but are not limited to:
- Vulnerability scanning and exploitation
- Social media intelligence gathering
- Username and account enumeration
- Breached credential intelligence gathering
- Service, port, and website enumeration
- Enumerating third parties for data leaks (S3 Buckets, GitHub, etc.)
- Attacking login portals (Website, O365, VPN, etc.)
- Multi-Factor Authentication (MFA) bypassing
- Other testing depending on specific customer content and footprint
Proudly Trusted By:
Sample Pentest Report
See The Results We Can Deliver To You. No Email Required.
Penetration Testing - PCI Compliance - Auditing
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.