Offensive Security
Find vulnerabilities with real world impact
Penetration Testing
For your business’ security, it is important to identify vulnerabilities that could allow adversaries access to your systems and data. Vulnerabilities that put your business at significant risk of a compromise are not only damaging for you, they could have an impact on your employees and your customers. Do you know your risk profile and what types of adversaries might attack you?
Penetration testing is our bread and butter! Volkis “pentesting” services will find the vulnerabilities that could be used to hack your networks, web applications, mobile applications, wireless networks, core services and cloud environments. A skilled penetration tester will use the same tools, techniques, and instincts that an adversary would to break into your systems.
What vulnerabilities exist in my systems? Do I need to worry about it? What could attackers do to me if exploited? What can I do to prevent this? All these questions can be answered with a penetration test.
Web Application / API
Make sure your bespoke web applications or APIs are resilient against attackers.
Internal
Find vulnerabilities from the perspective of an attacker inside your network.
External
Test your internet-facing servers and services against external threats.
Mobile
Find those hidden vulnerabilities lurking inside your custom made mobile apps.
Microsoft 365
Take a different approach to cloud security and have us investigate your Microsoft 365 tenant for real-world vulnerabilities with demonstrated exploits.
Continuous penetration testing
Year-round coverage of your attack surface ensures pentests are not just a “point-in-time” exercise. Pentest your newly developed applications as soon as they are ready.
Detection alert testing
Volkis will deliberately set off alerts in a methodical way so you can see those alerts in action, allowing you to gain familiarity with the alerts and ensure they are working properly.
And more!
We employ various security experts with domain knowledge in less commonly penetration tested areas such as Wireless, Citrix, SCADA, or Desktop Applications. If you’re unsure, reach out!
Red Team Exercises
Volkis red team services will target your organisation over an extended period using skilled attackers, infrastructure specifically tailored to the engagement, and social engineering attacks to compromise sensitive information and core business services.
As close to a real-world hack as you can get, the engagement will be performed over a window period, usually 3-4 months. Our attackers will use drip scanning, passive investigation, and evasion techniques to get by your detection and response systems, breaking into your environment without being seen.
The targets will be information and systems that are relevant to your organisation and likely targets for attackers. Instead of targets such as “compromise an administration account”, we look for key business services such as your CRM, financial systems, critical applications, and your web infrastructure to identify real, meaningful impact to your organisation. This allows you to get into the minds of your adversaries and be better prepared for a targeted attack. It’s also an excellent opportunity to test your Incident Response plans against a seemingly real attack, putting your Blue Team’s skills to work.
Physical Intrusion
Sometimes the easiest way to get access to your sensitive data is to simply walk in and take it. Volkis’ physical intrusion services will test your organisation to see if that is possible.
Physical intrusion testing will test the resilience of your access control and physical protection systems to see if they can be bypassed or broken. Can your passes be duplicated by someone standing next to them in the elevator? Can someone simply walk through a back door or open a window?
Volkis will employ a variety of different attack types throughout the engagement to gain access. This can include:
- Social engineering
- Lock picking
- Door bypasses
- Badge cloning
If access is gained, the consultant will collect evidence to see what the impact from that physical access is. Depending on the rules of engagement, the consultant may take pictures of desks, access sensitive areas, or connect to the network using a laptop or a concealed network tap.
At the end of the engagement, the consultant will outline any weaknesses and provide actionable recommendations for improving the security of the physical premises. This could include improving access control, improving procedures and processes for handling entrants, or user education.
Modular services
Get more from your penetration tests
“Not just another penetration test.” Volkis does things a little differently by offering you a modular ecosystem of auxiliary services. These services can be combined with a penetration test to better meet your goals or to increase visibility. Just like the Power Rangers combined into a more powerful robot, our services combine to give a better, more accurate result!
Executive board briefing
We will create a custom, non-technical presentation to show the results of the penetration test to your execs in an easily understood way.
Code assisted testing
Find more vulnerabilities by providing us a copy of the source code. We use that code alongside our regular methodology to get you a better result.
Technical workshop
Skill up your developers or system admins by going through the penetration test findings in technical detail. We’ll highlight how to avoid inadvertently creating these vulnerabilities in the future.
Custom reporting
Want us to contextualise risk into your own risk matrix? Prefer a CSV or Markdown format? We’re happy to modify our report into something that will work best for you, or even report directly into your ticketing system.
Open but secure
One of our core philosophies is to be open but secure. Infosec doesn't need to be in the shadows and it's important that clients and others understand how and why we do things. Transparency is a big deal and our Handbook is one way we achieve that.
Our Handbook is a place where staff, clients, partners, colleagues and anyone with interest can go and see the inner workings of Volkis. We try to publish anything that isn't confidential!
Check out the Handbook
Methodologies
Our technical penetration testing methodologies tell you how we perform our penetration tests. Although each engagement is different, the methodologies provide an overview of our high-level processes, which we modelled on industry standards and our own experiences.
Engagement Guide
The Penetration Testing Engagement Guide is the standard we hold our consultants to for every engagement we do. You can hold us to these standards of excellence.
Sample Report
You can see our Penetration Testing Sample Report to understand what you're going to get out of your penetration test. Our professional report has all the information you need to remediate the vulnerabilities we find and is backed by a debrief and ongoing consulting.
Social Engineering
With Volkis social engineering exercises you can test the security awareness of your users, and incorporate the results into an ongoing security awareness programme.
Our social engineering capability includes: