How Well Are Your Systems Protected Against Malware?

Realistic Approaches

During our Client-Side Penetration Test, auditors apply realistic approaches and techniques that are often used by both malicious software and hostile actors. Manipulated websites are important attack vectors that could allow attackers to infiltrate your network.

Using Vulnerabilities

We try to intrude into your internal network by manipulating attachments and downloads to exploit vulnerabilities in browsers and plug-ins, email clients, PDF readers etc. In this way, security measures such as anti-virus software, mail gateways and terminal services are tested.

Specially Prepared Emails

In cooperation with at least one of your employees, we will send prepared emails to email addresses provided by you. In addition, your employee will be instructed to visit specially set up web pages on servers in our lab. After successful access to your network, our consultants will try to penetrate deeper into your network to gain access to more internal data.

Safe and Harmless

During the execution our trial files will behave almost like dangerous software and try to reconnect to a server in our lab. Other threatening functions are not included in the files. For this reason, your network remains secure and safe during a Client-Side Penetration Test. This step of the investigation can serve to determine whether existing protective measures are capable of preventing the connection from being established.

The goal of the Client-Side Penetration Test, unless otherwise agreed in advance, is to answer the following questions:

  • How effective are the installed security measures?
  • Are the access rights for your employees set correctly?
  • Are there vulnerabilities and how can an attacker exploit vulnerabilities?
  • What damage can an attacker do by exploiting vulnerabilities?
  • How can detected weak points be closed in an economically sensible way?

Once all these questions have been answered, a realistic picture of your current security level is given. Based on the results of the penetration test, further measures to increase IT security can be derived.