One day, an actual hacking attempt will take place

You have already invested in security measures and everything is in place to ward off cybercriminals. Right?

Tesorion Offensive Security in practice

Digital valuables

We assess the feasibility and the chance of success of an attack by specifically attacking your mission-critical information assets, or digital valuables. If we can disrupt these systems, we will also know how we can provide an appropriate remedy.

Business context

A cyber incident affects different people in different ways. That is why it is important to have an insight into the business context. Only then can we assess a risk and provide a relevant recommendation.

Ethical hacking

An ethical hacker simulates a cybercriminal’s working method. Once we know where the vulnerabilities or potential errors can be found, we can steer things in a specific direction and provide optimal advice.

Exploit vulnerabilities

Malicious parties can exploit errors in the software or the configuration of systems. We can identify known and unknown errors and which ones can be used to breach your security.

Consultancy

Are you aware of your risks and how do you make sure they do not lead to incidents? How do you keep the situation under control? For many organisations this boils down to identifying which choices you can best make now and which ones are best left to later. We can provide an expert who can share ideas and advise on the basis of your needs so that you can then make your own choices.

Behaviour and awareness

The behaviour of employees can be influenced in many ways. By offering various types of training and simulations, you can train employees to behave in the required way and make them aware of signals that point to, for instance, phishing or CEO fraud.

Chain dependency

Although you use the applications and services of third parties for your services, do you also know who your partners’ partners are? We can help assess (and mitigate) the risks of chain dependency.

Social engineering

Hackers exploit human characteristics like curiosity, trust, greed, fear, and ignorance and focus their attacks on obtaining confidential information. Our experts can train your employees and thereby increase their awareness.

Why choose Tesorion?

Security is a continuous process

It is important to focus on prevention and detection. Simply installing software is not enough. It is precisely by continuously learning and optimising that we are able to intervene at the right time.

Innovation means alertness

We invest in innovative solutions to make and keep organisations secure, and our pragmatic and robust approach enables us to protect our clients from cybercrime.

Experts in our field

We use our knowledge, from social engineering to behavioural psychology and from systems to programming languages, for a single purpose: to keep cybercriminals at bay.

Clear reporting

The identified vulnerabilities are analysed and reported. We, of course, make recommendations on appropriate proactive (counter-)measures and we assist, where required, with the implementation.

What is a pen test and how do we perform it?

Ethical hackers use a pen test (or penetration test) to search, both manually and automatically, in the broadest way possible, for vulnerabilities in your IT environment, based on the available time, the requirement, and the scope. The scope is determined in consultation and covers:

  • what is and is not part of the pen test
  • how thoroughly it is carried out
  • what type of environment it concerns
  • which test methodology is best in line with the demand

What does a pen test do?

A pen test checks the security of one or more information systems by providing insight into the path that a malicious party would follow. This can be a black, white, or grey box test.
A pen test supports organisations by proactively detecting vulnerabilities and can save recovery time and increase business continuity.
A pen test provides insight into the degree of security.

Why carry out a pen test?

The objective is to obtain insight into the degree of security. The result of a pen test identifies the areas that need attention and offers specific guidance on how to take adequate countermeasures in order to improve security. In this respect, a pen test provides valuable feedback. That is also why clients more and more frequently ask for a pen test to be carried out in order to assess the security of client systems.

A brief overview of various types of pen tests

Black box

In this case, the environment is assessed for vulnerabilities without knowledge of the environment. An ethical hacker simulates the working method of an unauthorised user who intends to misuse in-scope systems or environments.

Result: Insight into what a malicious party sees and how they can penetrate.

Internal & external. Web, Infra & Wi-Fi

Grey box

This involves us logging on to your environment with known information, with the objective being to detect vulnerabilities. In the process, we simulate a situation in which a malicious party has access to the correct login details.

Result: Insight into potential consequences after access has been obtained.

Internal & external. Web, Infra & Wi-Fi

White box

In this case, we have knowledge of the systems. We often use this type of test in the context of software development because it enables us, for instance, to analyse the code statically and dynamically, and to test whether vulnerable functions can cause damage.

Result: A good picture can be created of the internal and external vulnerabilities.

Internal & external. Web, Infra & Wi-Fi

Publications

Check out the latest relevant news, podcasts and blogs from our experts on this topic here.

24 November 2021

WakeUp Wednesday

Welcome to #WakeUpWednesday. We want to make the Netherlands digitally safe and resilient. That is why Tesorion will now give you a short overview every Wednesday in a post about…
23 November 2021

Proof of Concept Code available for new Microsoft Exchange vulnerabilities

This blog contains information regarding Proof of Concept Code that is made available for new Microsoft Exchange vulnerabilities. As soon as we have an update, we’ll add it to this…
11 November 2021

Palo Alto Networks GlobalProtect vulnerability

This blog contains information regarding a Palo Alto Networks GlobalProtect Portal vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks…
Unfortunately, cyber-threats are no longer something new. However, a truly coherent cyber-approach is.