Cyber penetration testing

A "perimeter" form, with penetration tests on specific parts such as internal infrastructure, web applications, etc.

A red team form, based on objectives, which performs a complete attack simulation without prior information.

Cyber services

External infrastructure security test

This test simulates an attack on a computer infrastructure accessible from the Internet. The objective of such a test is to identify vulnerabilities in the security measures implemented at the network and operating system level of systems connected to the Internet.

  • Average time needed (report and mgmt included): 2 days / 10 IPs
  • From: 1000 € excl. VAT / 10 IPs

Security test of the internal infrastructure

This test simulates an attack on the company’s local network systems and the sensitive data stored there. This is a simulated attack by someone who has previously accessed the internal network and is familiar with the systems. This test focuses on the structured identification of vulnerabilities in a large set of internal systems. We can also test the Active Directory for flaws such as Kerberoasting or unconstrained delegation.

  • Average time required (report included): 4 days / 100 IPs + 4 days / Active Directory
  • From: 2000 € excl. VAT / 100 IPs + 2000 € excl. VAT / Active Directory

Assumed breach

This test simulates an attacker’s success in breaking into the company’s network (e.g. via a fraudulent email or a penetration via a physical or computer security flaw). The objective will be to identify the shortest path to gain control of the customer’s most important resource (e.g. access to confidential data). To do this, our testers will identify a chain of vulnerabilities present in the client’s infrastructure and exploit them to achieve the objective.

  • Average time required: 8 days / objective
  • Recommended number of objectives: 2
  • From: 4000 € excl. VAT / objective

Industry 4.0 Infrastructure Security Testing (ICS)

Critical infrastructure and industrial systems are increasingly dependent on IT, introducing new threats to SCADA systems. Hackmosphere helps organizations evaluate and test the IoT network through passive and active security tests, which are then compared to the desired security level.

During the passive tests, we review, for example, the configuration of the architecture in place, the physical access controls, or the update management process.

Active testing includes penetration testing of internal IT infrastructure, dual-homed hosts (IT & OT) and the ICS infrastructure. The ICS infrastructure is tested with very limited actions to ensure that these highly sensitive environments are not disrupted.

  • Average time required (including report and mgmt): 12 days / site
  • From: 6000 € excl. VAT / site

Web application security testing 

During this test, we analyze application vulnerabilities based on the OWASP Top 10, such as SQL injection, Cross-site Scripting (XSS), user input validation and vulnerable management interfaces. We offer several types of application testing.

Black box

Simulates an attack from the perspective of an unauthorized user. Functions that are only accessible after logging in usually cannot be tested.

  • Average time required (including report and mgmt): 3.5 days / app
  • From: 1750 € excl. VAT / app

Grey box

Simulates an attack from the perspective of an authorized user and unauthorized access. These tests involve the use of specifically provided accounts, with the objective of identifying vulnerabilities in the application logic, such as checking for unauthorized access to other users’ information.

  • Average time required (including report and mgmt): 6 days / app
  • From: 3000 € excl. VAT / app

Security testing of mobile applications (grey box)

This test targets the security of mobile applications on smartphones and tablets, focusing on the communication between the mobile application on the smartphone or tablet and the back-end application environment. For this purpose, we perform a specific application security test for the back-end and a source code security test for the application.

  • Average time required (including report and mgmt): 6 days / app
  • From: 3000 € excl. VAT / app

Wi-Fi security test

A Wi-Fi security test simulates an attack on a wireless network. We will enter one or more sites with a specially prepared laptop to identify vulnerabilities in the existing Wi-Fi technology, at several strategic points if necessary.

  • Average time required (including report and mgmt): 2 days / AP
  • From: 1000 € excl. VAT / app

Password robustness and complexity test

In this test, we evaluate the robustness of important passwords that end users may have chosen. To perform this test, we work closely with the customer to obtain an extract of the password hashes of the selected users. We then try to "crack" these hashes, thus providing insight into the chosen passwords and the associated statistics (e.g. how many passwords can be guessed in a defined time).

  • Average time needed: 2 days / 500 password hashes
  • From: 1000 € excl. VAT / 500 password hashes