Blue Frost Security
Security Beyond Compliance

Penetration Testing

In today’s ever-changing world, security and privacy have become some of the biggest challenges for organizations worldwide. Almost every organization has experienced security breaches, which often result in incalculable damage to revenue, reputation and intellectual property.

In a penetration test (often simply called a pentest), we conduct high-skill attacks against your environment or products in order to simulate a real attack. Because the procedure closely mirrors that of a real attacker, it yields a realistic and pragmatic assessment of the security of the tested environment.

The knowledge gained in this process lets us deliver recommendations on how you can raise your organization's level of security and ensure that vulnerabilities in your systems are handled appropriately, so that attackers are successfully warded off.

Know the difference

While tools are used in real penetration tests, our focus lies on the manual exploitation of vulnerabilities by our analysts. Unfortunately, penetration tests are often misrepresented or confused with vulnerability scans, which automatically search for possible vulnerabilities in your systems or products but neither verify nor actually exploit them. Because such automated assessments ignore the real circumstances of the target, their findings are unverified and significantly less meaningful.

Real attackers leverage their manual skills to breach your environment or product. Only a simulation conducted with the same level of skill will therefore produce valuable, actionable results that considerably elevate your organization’s security.

What Sets us Apart

Unlike some of our competitors, we are aware that the central quality factor in our work is the security analyst. Neither checklists, methodologies, tools nor automated processes can make up for highly qualified, trained, experienced and motivated security analysts. Our approach of going deeper reveals the underlying problems in your environment, which allows you to fix the root cause of a weakness rather than a single symptom. This approach in turn also improves the motivation of our analysts. (We sometimes speak of the “hunting fever” of our consultants.)

Due to the manual focus of our work, our analysts are highly qualified to deal with high-risk systems (such as SCADA systems) as well as proprietary protocols, software and hardware.

Moreover, we adapt the security risk assessment to your industry’s needs rather than being dictated by static processes.

Penetration Tests with a Specific Focus

Network Infrastructure
A network penetration test is focused on your organization's networks and their overall security.

A distinction is often made between an internal and an external infrastructure test, depending on which network is the target. Internal tests are usually performed on-site and simulate an attacker who has already gained a foothold in your internal networks, a rogue employee with a certain degree of access, or a person who has infiltrated your premises physically. External tests take the perspective of an attacker trying to gain initial access to your environment remotely.

An attacker who succeeds in gaining remote access to one of your servers can often still be stopped by proper security measures inside your internal networks, such as segmentation and hardened internal services. Internal network testing allows us to dig deeper into your systems and uncover the vulnerabilities and trust relationships that would let an attacker move laterally within your networks.

Web Applications
Web applications such as your company's website, as well as transactional interfaces such as online payment systems and banking platforms, offer attackers a rich attack surface and ample opportunities to gain unauthorized access to your systems. A web server running an insecure web application may give attackers access to databases containing customer data, or even elevated access to internal company networks.

Additionally, web applications can be leveraged to exploit the trust relationship with their users in order to attack the users themselves, for example in watering-hole attack scenarios.

Web Services
Because many organizations focus their testing on web applications and consider them the primary attack vector, web services (the APIs that web and mobile applications call) have become an afterthought and are frequently left untested. We often find that the security of web services lags behind that of the web applications built on them, which makes web services a primary attack vector and an easy target for attackers.

The use of web services has been increasing rapidly, mainly due to the growth of mobile applications, most of which rely on web services. Web services are also used by enterprise software and by custom-made web applications that exchange data across different platforms. Because web services generally store and transfer sensitive data, they are an attractive target for attackers. We provide a comprehensive approach to testing these services and believe it is important that not only your web applications but also your web services are thoroughly reviewed.

Mobile Applications
The widespread and constant growth of mobile devices demands a fast approach to application development. That pressure causes developers to overlook security practices and generates a growing number of security incidents and vulnerabilities.

Regardless of the mobile platform (iOS, Android, BlackBerry), our approach to mobile application security assessment covers both server-side and client-side analysis, including but not limited to the vulnerability classes of the OWASP Mobile Top 10. According to our testing methodology, all areas of the application, such as the handling of user input, cryptography and secure local storage, are thoroughly analyzed.

Industrial Control Systems / SCADA
As industrial control systems become interconnected with corporate networks and the Internet, they are becoming a very attractive target for attackers. The results of such attacks can be catastrophic for production and may cause irreparable damage to equipment. In some cases they are a serious threat not only to business but also to national security. Current statistics show a constant rise in the number of officially registered and disclosed security incidents involving ICS / SCADA systems, some with catastrophic consequences. This is not the full picture, however, and is only the tip of the iceberg, as most incidents are probably never reported.

Many SCADA devices speak proprietary protocols that are now carried over TCP/IP, and few security professionals are able to attack these devices safely. Testing ICS / SCADA devices is often very challenging because they are in use in production environments and cannot be taken down for testing. Additionally, using standard penetration testing tools against ICS / SCADA devices is dangerous: their network stacks are frequently fragile, and even a routine port scan or vulnerability scan can hang or crash them.

From using tools built specifically for ICS / SCADA environments to fuzzing and reverse engineering proprietary protocols, we provide a comprehensive, research-based approach to testing these devices in order to ensure that they operate securely and to reduce the attack surface available to potential intruders.

Embedded Devices / Internet of Things
Today many embedded devices are already interconnected and are rapidly entering our daily lives. This trend can be observed in all major sectors of industry, such as building and home automation, transportation and manufacturing.

Apart from the many benefits this trend provides, it also involves massive security risks, mainly because it increases the attack surface by a large factor. IoT devices connected to the Internet pose an emerging security risk. Moreover, because of the strong interconnectivity between these devices and infrastructure that was previously strictly separated from the Internet, that infrastructure can now become the target of an attack.

At Blue Frost Security we perform advanced security analysis of all kinds of embedded devices in order to identify security vulnerabilities, or even backdoors, in the devices on which your overall security depends.

A typical analysis starts with the identification of the physical attack surface, including the identification of open debug interfaces such as UARTs or unprotected JTAG ports. Accessible buses and pins on the circuit board are checked for ways to gain access to the firmware and/or the operating system running on the device. In the next stage, the firmware of the embedded device is obtained. This can be as easy as capturing the image during the firmware upgrade process, or it can require dumping the flash chips from the circuit board. After the firmware has been obtained, and decrypted where necessary, we begin the analysis of the operating system.

We review all of the functionality the embedded device provides and the protocols it uses for potential security vulnerabilities. This analysis is based on the obtained firmware, which we reverse engineer.
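As an added illustration of the first step of that firmware analysis (this is example code written for this page, not Blue Frost Security's tooling), the Python script below performs an initial triage of an obtained firmware image: it scans for the magic bytes of common container and filesystem formats and measures per-block Shannon entropy to separate plaintext regions from high-entropy ones. High entropy alone cannot distinguish a compressed filesystem from an encrypted one, so the script only concludes that an image still needs decrypting when it also finds no known signature at all. The images it analyzes are constructed in memory (a uImage header magic, a gzip stream, a SquashFS-like region and a seeded random region that models an encrypted section), so it runs offline; the entropy threshold and block size are assumed heuristics.

```python
"""Firmware image triage: locate known container/filesystem signatures and
measure per-block entropy to decide whether an obtained image can be
unpacked as-is or still needs decrypting.

Added example for this page, not Blue Frost Security tooling. The sample
images are constructed in memory so the script runs offline.
"""
import gzip
import math
import random
from collections import Counter

# Magic bytes of a few formats commonly found in embedded firmware images.
SIGNATURES = {
    b"\x27\x05\x19\x56": "U-Boot uImage header",
    b"\x1f\x8b\x08": "gzip stream",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"UBI#": "UBI volume",
    b"\x7fELF": "ELF executable",
}

# Assumed heuristic: blocks above this many bits/byte are treated as
# compressed or encrypted. Plain text and padding sit far below it.
HIGH_ENTROPY = 7.0
BLOCK_SIZE = 4096


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant block, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_signatures(image: bytes) -> list:
    """Return every (offset, description) at which a known magic occurs."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = image.find(magic)
        while pos >= 0:
            hits.append((pos, name))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def classify_blocks(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Label each block as (offset, entropy, 'low' | 'high').

    'high' covers both compressed and encrypted data: entropy alone cannot
    tell them apart, which is why the signature scan is needed as well.
    """
    out = []
    for off in range(0, len(image), block_size):
        h = shannon_entropy(image[off:off + block_size])
        out.append((off, round(h, 2), "high" if h >= HIGH_ENTROPY else "low"))
    return out


def looks_encrypted(image: bytes) -> bool:
    """True when the image carries no known signature and every block is
    high-entropy: the dump must be decrypted before unpacking can start."""
    blocks = classify_blocks(image)
    return not find_signatures(image) and all(lbl == "high" for _, _, lbl in blocks)


# ---- constructed sample images (not dumps of any real device) ------------
def _pseudo_random(n: int, seed: int) -> bytes:
    rng = random.Random(seed)  # seeded so the triage result is reproducible
    return bytes(rng.getrandbits(8) for _ in range(n))


_CONFIG_TEXT = (b"# constructed sample config\nhostname=gateway\n"
                b"admin_user=admin\ntelnet_enabled=1\nlog_level=2\n")

SAMPLE_IMAGE = (
    (b"\x27\x05\x19\x56" + _CONFIG_TEXT * 100)[:BLOCK_SIZE]      # header magic + plaintext config
    + (gzip.compress(_pseudo_random(4000, 1), mtime=0)
       + b"\x00" * BLOCK_SIZE)[:BLOCK_SIZE]                        # gzip stream, zero-padded
    + b"hsqs" + _pseudo_random(BLOCK_SIZE - 4, 2)                  # SquashFS-like region
    + _pseudo_random(BLOCK_SIZE, 3)                                # models an encrypted region
)
ENCRYPTED_IMAGE = _pseudo_random(4 * BLOCK_SIZE, 4)               # models a fully encrypted dump


def report(image: bytes) -> str:
    """Human-readable triage summary for the analyst."""
    lines = [f"{off:#08x}  {name}" for off, name in find_signatures(image)]
    lines += [f"{off:#08x}  entropy={h:.2f} ({lbl})" for off, h, lbl in classify_blocks(image)]
    lines.append("verdict: " + ("encrypted, decrypt first" if looks_encrypted(image)
                                else "unpackable, signatures present"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_IMAGE))
    print()
    print(report(ENCRYPTED_IMAGE))
```

On a real dump, feed the file contents to `report()`; the SquashFS-like block in the sample is labelled `high` just like the random block, which is exactly why the verdict depends on the signature scan and not on entropy alone.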