PENETRATION TESTING

Simulate attacks against your public facing assets by testing your external systems and infrastructure. This enables you to uncover vulnerabilities that are publicly accessible to anyone on the Internet. External penetration tests typically start with reconnaissance of your external footprint, using a combination of public and paid data sources. Combined with activities such as port discovery and vulnerability scanning, Loop will identify vulnerabilities and attempt to exploit them, chaining together vulnerabilities if required, to demonstrate the maximum impact of what may start out as a handful of seemingly low-risk issues. Commonly, the goal of external penetration tests is to gain a foothold in your environment, that can be used as a pivot point to begin attacking internal assets.

Assess the internal infrastructure of your organisation by simulating a malicious attack from the inside to identify vulnerable systems and services that are valuable to a cybercriminal.

A threat actor could be present in your internal network via multiple means; a user may have been compromised, your perimeter or endpoints may have been breached, or some other type of internal threat might exist. Internal penetration testing aims to identify vulnerabilities and misconfigurations within the internal environment and demonstrate what potential impact they may cause to your organisation.

Loop uses a combination of proprietary and published tradecraft to gain access to systems in your internal network, escalate privileges, and then move laterally through the environment. An agile and iterative approach is applied to internal testing, as each successful exploit brings us one step closer to the ultimate aim of compromising the most valuable assets in your organisation. 

Web and Mobile application testing will ensure client’s applications meet industry best practice security standards. We leverage our years of experience in application testing, coupled with our in- depth knowledge of the inner workings of applications to identify common and hard to find vulnerabilities, providing clients with recommendations that assist with the mitigation and fixing of existing and emerging threats. 

Our social engineering service assesses the strength of your workforce security by attempting to exploit the human aspects. Increase the security awareness of an organisation by conducting social engineering campaigns that identify weaknesses in people and processes. 

We design engagements tailored to your organisation, making attempts to gather information through different methods such as phone calls (vishing), emails (phishing) and SMS (smishing). At the end of the campaign, we will provide you with the results, summarising vulnerabilities, assessing their risk to your organisation and providing remediation advice.

Physical intrusion exercises assess the vulnerabilities of your physical premises and supporting infrastructure used to manage corporate environments. Loop performs active intrusion tests that seek to demonstrate what a real-world threat actor could achieve when targeting your organisation in the locations your organisation operates from. 

Example exercises that can be performed to demonstrate weaknesses include gaining unauthorised entry to key locations such as server rooms, executive suites and board rooms. Other capabilities include deploying overt monitoring devices inside an environment or hardware implants throughout the network, and simulating device theft scenarios. 

Commonly exploited weaknesses include poor hardware choices for digital and mechanical access control systems, insecure building design, staff susceptibility to social engineering attacks and weaknesses in the configuration of digital access control systems.