Penetration Testing
Kryptos Logic is composed of security professionals who specialize in exploit discovery, development, vulnerability assessments, and penetration testing. Our capabilities combine manual proprietary techniques and automated approaches, which are designed to produce effective results for any client request.
Penetration testing solutions from Kryptos Logic are performed to simulate both internal and external real-world attacks. This type of testing is valuable to any organization's information security program because it identifies the methods of gaining access to a target and builds an understanding of the techniques used by attackers. We do not simply produce reports that are the result of automated vulnerability scanners or source code scanners. Real attacks and threats are defined by malicious hackers or technology-savvy criminals, not by security industry compliance specifications. Too often, security professionals will use automated scanners in the dark, which only check for compliance and known vulnerabilities, not whether the network, system, or application is truly vulnerable. Automated techniques do not account for the fact that each case is unique and may be vulnerable in areas not seen by linear approaches.
We implement multiple attack vectors and leave no stone unturned. Whether it is analyzing network traffic, web site penetration, disassembling client code, fuzzing for vulnerabilities, or implementing a zero-day exploit, Kryptos Logic is determined to ensure a client is as secure as possible.
Software Audit
Software and code audits consist of a multi-layered approach. We start by determining if the overall design elements of the application and its components are secure. Next, we determine if the code itself is consistent with safe coding practices. Finally, we determine if there are any implementation flaws or unforeseen vulnerabilities in the design of the application. We provide these services for:
Web applications
Software applications
Cryptographic algorithms
Copy protection systems
Transmission protocols
Network and Web Applications Audit
When it comes to auditing client systems, Kryptos Logic has a variety of tools and resources to choose from, depending on the environment being audited. A Kryptos Logic security audit would ideally include auditing for both external and internal (inside-job) attacks, so as to give the client as realistic an assessment as possible. An external audit would ideally involve auditing the client's web presence (including, but not limited to):
Website;
Mail servers;
VPN gateways;
Firewalls.
A Kryptos Logic audit would not be limited to running known attacks against the client's infrastructure. Where possible, custom attacks will be initiated against client-specific systems as well as the general infrastructure. If permitted by the client and/or the client's business associates, content providers and the like would also be involved, as they might provide an opening for a potential attacker. While an external attack is the most common attack vector, internal attacks are by far the most damaging.
A Kryptos Logic internal audit will give the client an expectation of what disgruntled, or just careless, employees can inflict on an otherwise security-compliant organization. Once inside the client's internal network, Kryptos Logic will audit the entire infrastructure to see how a potential attacker could take over the critical part of the client's business and secure continuous access in the future. The systems being audited would include, but not be limited to, the following technology:
Database and backup systems;
Mainframe systems;
Storage systems;
Network and monitoring systems;
Deployment systems;
Workstations;
Frame relays/PBS systems.
Any custom/non-generic systems/technology found at the given client are also included. As in the case of the external audit, custom attacks would be initiated against the client's infrastructure.
Copyright © 2010 Kryptos Logic. All rights reserved.
