One of Attack Research's main areas of expertise is testing, however we are not your typical Penetration Testing shop. We approach the concept of testing from a different point of view than most.
Target Modeling
In this scenario we first gather as much information about the particular environment you want tested as possible; including operating systems, hardware, people, applications, etc. Then we build a model of your environment which as close as we can get to the real thing (depending on the situation). Finally we begin the research phase looking for weaknesses, developing stategies to attack the environment and give you the results. The results include our best estimates as to the types of risks you may be subject to, and the likelihood of such an attack occuring along with some suggestions on potential mitigation strategies. We can also help you evaluate the possible consequences of a successful attack to help you perform a realistic cost benefit analysis in order to make a well informed decision on what to do (if anything).
Real World Attack Simulation (Similar to a Pen Test)
If you contract us to test your organization we will develop an attack plan which will mimic what a real attacker will do. Real attackers do not come in with a check list or follow an approved methodology. An actual attacker isn't going to do a Nessus scan and hand you a canned report. They will recon your organization, find out who your employees are, what your building looks like, what software you run and what your most valuable assets are. Then they will target your organization until they have achieved their goal using exploits, social engineering, physical entry, trojaned USB keys, whatever it takes. If you want a true assessment of your security situation, you want a group who will come in and hit you just like the bad guys will. This is Attack Research.
Product Testing
Do you have a piece of hardware or software where security is a concern? With our years of reverse engineering and black box testing experience we can find the vulnerabilities you may have missed. Whether you have a security product or a web application which tracks personal information we can help you find potential problems before the bad guys use them against you.
Costs
We will design a project plan that fits your needs. Our rates are typically between 150$ - 250$ an hour depending on the project and the typical project time is one week. We keep all information regarding our clients strictly confidential. Contact testing@attackresearch.com for more information.
Testing