During our Client-Side Penetration Test, auditors apply realistic approaches and techniques that are often used by both malicious software and hostile actors. Manipulated websites are important attack vectors that could allow attackers to infiltrate your network.
We try to intrude into your internal network by manipulating attachments and downloads to exploit vulnerabilities in browsers and plug-ins, email clients, PDF readers etc. In this way, security measures such as anti-virus software, mail gateways and terminal services are tested.
In cooperation with at least one of your employees, we will send prepared emails to email addresses provided by you. In addition, your employee will be instructed to visit specially set up web pages on servers in our lab. After successful access to your network, our consultants will try to penetrate deeper into your network to gain access to more internal data.
During the execution our trial files will behave almost like dangerous software and try to reconnect to a server in our lab. Other threatening functions are not included in the files. For this reason, your network remains secure and safe during a Client-Side Penetration Test. This step of the investigation can serve to determine whether existing protective measures are capable of preventing the connection from being established.
The goal of the Client-Side Penetration Test, unless otherwise agreed in advance, is to answer the following questions:
Once all these questions have been answered, a realistic picture of your current security level is given. Based on the results of the penetration test, further measures to increase IT security can be derived.