We use a structured approach to penetration testing based on the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP) Testing Guide.
At the conclusion of an engagement we present the client with a detailed report. The report presents the identified security issues in an easily digestible format, with a focus on the risk and impact to the business should a particular vulnerability be realised. ZX Security will often work to a client's own pre-defined risk matrix so that likelihood and impact are quantified in terms the business already uses. Each finding is accompanied by operationally focused technical recommendations to assist your staff in remediating it.
External Penetration Test
ZX Security will review your presence on the Internet and your susceptibility to compromise through misconfigured, unpatched or otherwise insecure Internet-facing servers. Access to administrative interfaces, webmail and remote-access portals will also be attempted using weak passwords and credentials collected from recent data breaches. An external penetration test differs in scope from a red-team exercise in that no contact is made with staff members (e.g. no phishing).
Internal Penetration Test
When conducting an internal penetration test our consultants are typically given a connection to the corporate network and no further knowledge of the environment. The consultant's goal is to move through the network, obtain administrative privileges, and determine whether the security team monitoring the network has the ability to detect and/or stop the intrusion.
Red Team Engagement
A red-team engagement often has a very wide scope, in that both people and systems are available to be tested for security weaknesses. The engagement is usually undertaken by multiple consultants, with only key personnel from the target organisation aware that testing is under way. A red team may trigger active controls and countermeasures, thereby also testing the operational security response to a real-life intrusion.
Web / API Application Penetration Test
A pre-defined scope (one or more websites or APIs) is tested for common web application security vulnerabilities. Testing is typically authenticated, with valid credentials supplied for each role in the application. Role-based access controls (RBAC) are also tested: an attacker holding a valid username and password attempts to access resources and functions not permitted by their role.
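The RBAC check described above is, in practice, an access matrix: every request the application supports is issued under every principal (unauthenticated, each ordinary user, each privileged role), and the observed response is compared with what the role model says should happen. The block below is an added example of that harness and is not ZX Security's tooling. The invoicing API, the session tokens and the expected-access matrix are all constructed for illustration, with two deliberate flaws planted in the mock so the harness has something to find; against a real target the `request` callable would send HTTP requests carrying each principal's session.

```python
"""Role-based access matrix check against a constructed mock API (added example)."""

# --- constructed mock target -------------------------------------------------
# Two deliberate flaws so the harness has something to find:
#   * GET /invoices/<id> never checks that the caller owns the invoice (horizontal).
#   * GET /admin/users/export only checks that *a* session exists (vertical).
INVOICES = {"inv-1": {"owner": "alice"}, "inv-2": {"owner": "bob"}}
SESSIONS = {
    "tok-alice": {"user": "alice", "role": "customer"},
    "tok-bob": {"user": "bob", "role": "customer"},
    "tok-admin": {"user": "carol", "role": "admin"},
}


def mock_request(method, path, token=None):
    """Return the HTTP status code the mock API would give for this call."""
    session = SESSIONS.get(token)
    if session is None:
        return 401
    parts = path.strip("/").split("/")
    if parts[0] == "invoices" and len(parts) == 2:
        inv = INVOICES.get(parts[1])
        if inv is None:
            return 404
        if method == "GET":
            return 200  # flaw: missing inv["owner"] == session["user"] check
        if method == "DELETE":
            if session["role"] == "admin" or inv["owner"] == session["user"]:
                return 204
            return 403
    if method == "GET" and path == "/admin/users/export":
        return 200  # flaw: should require session["role"] == "admin"
    if method == "GET" and path == "/me":
        return 200
    return 404


# --- the access matrix the tester builds from the application's role model ---
# principal name -> (session token, role); the anonymous principal has no session.
PRINCIPALS = {
    "anonymous": (None, None),
    "alice": ("tok-alice", "customer"),
    "bob": ("tok-bob", "customer"),
    "carol": ("tok-admin", "admin"),
}

# (method, path) -> expected status per principal. 401 and 403 both mean "must be denied".
EXPECTED = {
    ("GET", "/me"):                 {"anonymous": 401, "alice": 200, "bob": 200, "carol": 200},
    ("GET", "/invoices/inv-1"):     {"anonymous": 401, "alice": 200, "bob": 403, "carol": 200},
    ("DELETE", "/invoices/inv-1"):  {"anonymous": 401, "alice": 204, "bob": 403, "carol": 204},
    ("GET", "/admin/users/export"): {"anonymous": 401, "alice": 403, "bob": 403, "carol": 200},
}

DENIED = {401, 403}


def audit(request=mock_request, expected=EXPECTED, principals=PRINCIPALS):
    """Exercise every (request, principal) pair and report where access was granted although
    the matrix says it must be denied. A finding is 'horizontal' when another principal of the
    same role is expected to succeed on that request (IDOR-style), 'vertical' otherwise."""
    findings = []
    for (method, path), per_principal in expected.items():
        for name, want in per_principal.items():
            token, role = principals[name]
            got = request(method, path, token)
            if want in DENIED and got < 400:  # access wrongly granted
                same_role_allowed = any(
                    principals[other][1] == role and per_principal[other] not in DENIED
                    for other in per_principal if other != name
                )
                findings.append({
                    "method": method, "path": path, "principal": name,
                    "expected": want, "observed": got,
                    "kind": "horizontal" if same_role_allowed else "vertical",
                })
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f"{f['kind']:<10} {f['method']} {f['path']} as {f['principal']}: "
              f"expected {f['expected']}, got {f['observed']}")
```

Only "expected denied, observed allowed" is reported as a security finding; a request that is expected to succeed but is refused is a functional bug and is left out of the report. The matrix itself is the part that needs care: it has to be derived from the application's documented role model before testing starts, not from whatever the application happens to do.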
Mobile Application Security Review
Both Android and iOS applications can be reviewed for security issues that may give an attacker access to your systems, or allow them to circumvent controls that would otherwise be present in your regular web applications.
Source Code Review
Source code is reviewed first with automated tools and then manually by a consultant, to identify common coding issues, backdoors and security flaws that tooling alone misses.
Corporate WiFi Penetration Test
Your WiFi network will be reviewed for weak or absent passwords, for network-separation controls that keep guest and other non-corporate users detached from the corporate network, and to confirm that certificate-based authentication has been robustly implemented.
Host Hardening Review
A host configuration review will consist of multiple steps including:
- Ensuring that NZISM guidelines for server hardening have been applied (for Government clients, or those dealing with the Government).
- Determining that all applicable operating system patches have been installed, and that antivirus is running with updates scheduled.
- Ensuring that any third-party applications installed on the server (e.g. a backup agent) have had all applicable security patches installed.
- Reviewing the use of administrative privileges on the server.
Radio Spectrum Hacking
ZX Security has a range of Software Defined Radios (SDRs) capable of full-duplex transmission and reception anywhere from 10 MHz up to 6 GHz. Common uses for this capability include:
- GSM base station emulation – used to intercept and inspect GPRS traffic between a cellular device and the Internet. It can also be used to test the effectiveness of IMSI-catcher detectors ("IMSI catcher catchers").
- GPS emulation – for devices that rely on GPS to determine their location or synchronise their clock, we can test what happens when time rolls backwards or the reported location is changed.
Cloud Security Review
The cloud security assessment is typically conducted against one of the following platforms (others are also supported):
- Google Cloud
- Amazon AWS
- Microsoft Azure
The review will identify who has access to the provisioned resources, whether multi-factor authentication is enforced on those accounts, which security groups and firewall rules have been defined, how logging is configured, and who can reach shared storage. Any additional security controls offered by the vendor will also be reviewed for applicability.
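Three of the items listed above (who can reach exposed servers, whether multi-factor authentication is in place, and whether credentials are being left around unused) can be checked mechanically from exported account data before any manual review. The block below is an added example of such checks and is not ZX Security's tooling. It runs offline over constructed samples: the security groups are in the shape of `aws ec2 describe-security-groups` JSON, and the credential report is in the shape of the CSV returned (base64-encoded) by `aws iam get-credential-report`, trimmed to the columns used. The group IDs, user names and the `AS_OF` report date are made up.

```python
"""Offline checks for an AWS configuration review over constructed sample data (added example)."""
import csv
import io
import json
from datetime import datetime, timedelta, timezone

ADMIN_PORTS = {22, 3389}              # SSH and RDP should never be reachable from the Internet
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SECURITY_GROUPS_JSON = """
{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0bbb", "GroupName": "bastion", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0ccc", "GroupName": "legacy", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-0ddd", "GroupName": "db", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
    "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0eee", "GroupName": "mgmt", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
"""

# Constructed sample of the IAM credential report CSV, trimmed to the columns used here.
# Note the root account reports password_enabled as "not_supported", not "true".
CREDENTIAL_REPORT_CSV = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_used_date
<root_account>,not_supported,false,false,N/A
alice,true,true,true,2024-05-01T10:00:00+00:00
bob,true,false,true,2023-11-02T09:30:00+00:00
deploy,false,false,true,N/A
"""
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed date the sample report was pulled


def world_reachable_admin_rules(sg_json=SECURITY_GROUPS_JSON):
    """Rules that expose an admin port, or all traffic, to the whole Internet.
    Returns (group id, name, protocol, port range, cidr) tuples."""
    findings = []
    for sg in json.loads(sg_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if c in ANYWHERE]
            if not open_cidrs:
                continue
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")   # absent when IpProtocol is "-1"
            all_traffic = proto == "-1"
            admin_port = proto == "tcp" and lo is not None and any(lo <= p <= hi for p in ADMIN_PORTS)
            if all_traffic or admin_port:
                for cidr in open_cidrs:
                    findings.append((sg["GroupId"], sg["GroupName"], proto,
                                     "all" if all_traffic else f"{lo}-{hi}", cidr))
    return findings


def console_users_without_mfa(report_csv=CREDENTIAL_REPORT_CSV):
    """Principals who can sign in to the console but have no MFA device.
    Root is always expected to have MFA regardless of its password_enabled value."""
    missing = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        is_root = row["user"] == "<root_account>"
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            missing.append(row["user"])
    return missing


def stale_access_keys(report_csv=CREDENTIAL_REPORT_CSV, now=AS_OF, max_age_days=90):
    """Active access keys unused for longer than max_age_days, or never used at all.
    Pass now=datetime.now(timezone.utc) against a freshly pulled report."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["access_key_1_active"] != "true":
            continue
        last = row["access_key_1_last_used_date"]
        if last == "N/A" or datetime.fromisoformat(last) < cutoff:
            stale.append(row["user"])
    return stale


if __name__ == "__main__":
    for rule in world_reachable_admin_rules():
        print("open admin rule:", *rule)
    print("console users without MFA:", console_users_without_mfa())
    print("stale or never-used access keys:", stale_access_keys())
```

The port-range check matters as much as the exact-port one: a rule opening 3000-4000 to the world quietly includes RDP on 3389, which a grep for "3389" will not catch. Likewise, an access key that is active but has never been used (`N/A`) is reported alongside keys last used before the cutoff, since both are credentials nobody will notice being abused.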