ZX Security


Penetration Testing

Identifying security vulnerabilities in your applications and systems

Background

Whether external, internal, Wi-Fi, web app or API, ZX pentesters can assess your people, processes and systems for weaknesses to help identify potential risks.

We use a structured approach to penetration testing which is based on the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP) Testing Guide.

At the conclusion of an engagement we present the client with a detailed report that presents identified security issues in an easily digestible format with a focus on the risk and impact to the business of a particular vulnerability being realised.

ZX Security often works with their clients’ pre-defined risk matrix to ensure an accurate likelihood and impact is quantified.

Technical recommendations are also presented which are operationally focused to assist your staff in remediating the issues found.

Services

  • External Penetration Test

    ZX Security will review your presence on the Internet and your susceptibility to being compromised.

    During testing we will determine whether your servers have the latest security updates installed and if they have any misconfigurations that could be taken advantage of by an attacker. Access to administrative interfaces, webmail and remote access portals will also be attempted by guessing passwords and testing those collected from recent data breaches.

    An external penetration test differs in scope from a red-teaming exercise in that no correspondence is entered into with staff members (i.e. malicious phishing emails are not sent).

  • Internal Penetration Test

    When conducting an internal penetration test our consultants are typically given a connection to the corporate network without any additional knowledge of the environment.

    The goal of the consultant is to make their way through the network, obtain administrative permissions and determine whether the security team monitoring the network has the ability to detect and/or stop the intrusion.

    In some cases the client will provide ZX Security with a particular target, such as the CEO’s email inbox, or a database containing credit card data.

    OT / SCADA Network

    ZX Security has worked with a wide range of companies running Operational Technology (OT) or Supervisory Control and Data Acquisition (SCADA) networks. We understand the criticality of these systems and the impact that may be realised if they are compromised.

    We have extensive experience testing these systems and understand how delicately you need to tread when assessing them. Work can be scheduled outside of business hours to suit maintenance / outage windows, ensuring any potential business impact is minimised.

  • Red Team Engagement

    A red-team engagement has a very wide scope in that people, systems and buildings are tested for security weaknesses. The engagement is often undertaken by multiple consultants with only key personnel from the target organisation aware that testing is being conducted.

    A red team may trigger active controls and countermeasures, thereby also testing the operational security response to a real-life intrusion.

    As with an internal penetration test, a key objective for the engagement may be defined. This may be a particular target, such as the CEO’s email inbox, or a file share containing intellectual property.

  • Website Penetration Test

    A pre-defined scope covering a particular website (or websites) is provided, and it is tested for common web application security vulnerabilities. Testing is typically unauthenticated, in that the attacker does not have valid credentials. Authenticated testing can also be performed, in which the attacker, holding a valid username and password, tries to access resources not permitted by their role.

  • API Penetration Test

    If you are deploying a new API for your customers or third party integrators, we can review all methods for vulnerabilities, including the authentication mechanisms.

  • Mobile Application Security Review

    A mobile security review will take an application provided by your organisation and review it for security issues, insecure storage of information and the permissions it requires to operate.

    ZX Security has capability to review both Android and Apple iOS mobile applications.

  • Source Code Review

    The code for your application is reviewed first using automated tools, then manually by a human to identify common coding issues, the presence of backdoors (malicious or otherwise) and security flaws. We have experience in a wide range of programming languages.

  • Wi-Fi Penetration Test

    Guest, Mobile (or BYOD) and Corporate networks can be probed to determine whether a rogue contractor or visitor can gain access to corporate resources. Your Wi-Fi network will be reviewed for weak or absent passwords, for network-separation controls that ensure non-corporate users remain detached from the corporate network, and to confirm that authentication has been robustly implemented.

  • Host Hardening Review

    A host configuration review will consist of multiple steps including:

    • Ensuring that the GCSB Information Security Manual (NZISM) guidelines for server hardening have been applied (important for customers selling services to the NZ Government).
    • Determining if all applicable software updates have been installed and that antivirus is working and updates scheduled.
    • Ensuring any 3rd party applications installed on the server (e.g. backup agent) have had all applicable security updates installed.
    • Reviewing the use of administrative privileges on the server.

  • Phishing Exercise

    Phishing is an attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. ZX Security runs sanctioned phishing campaigns with the goal of educating users to the dangers of these types of attacks. An email will be sent to staff which entices them into entering their corporate username and password. Once captured, statistics are collated and a report generated for the management team.

    ZX Security recommends that the phishing process occur multiple times over the course of a year. A continual cycle of planning, education, assessment, measurement and reinforcement is recognised by the industry as the most effective way to increase awareness.

  • Specialist Testing

    We focus on practical, real-world attacks that are used by criminals at various degrees of sophistication to give you a deeper understanding of the exact security your system provides. We also use our traditional red teaming knowledge to attempt side-channel attacks that completely bypass these systems where possible. Our report will include detailed recommendations in order to mitigate or plan for any issues that arise from testing, along with a detailed approach that shows the full extent of all attacks attempted.

    • Biometric Testing (facial & voice recognition, including liveness)
    • Hardware Hacking (firmware reverse engineering, serial interface access, power glitching)

    Radio Spectrum Hacking

    ZX Security has a wide range of Software Defined Radios (SDRs) which can emulate full-duplex radio signals anywhere from 10 MHz up to 6 GHz.

    Common uses for this technology include:

    • GSM base station emulation - this can be used to intercept and inspect GPRS traffic between a cellular device and the Internet. It can also be used to detect the effectiveness of IMSI catcher catchers.
    • GPS emulation - for devices that rely on GPS to triangulate their location or synchronise time, we can test what happens when time rolls backwards or the GPS location is changed.

Approach

  1. Initial Scoping
    ZX Security will work with the customer to identify the type of engagement you require, the systems that are in-scope and the testing timeframes.
  2. Statement of Work
    The customer will be sent a statement of work which outlines the testing that will be conducted, estimated timeframes, scheduled dates and the costs for the engagement.
  3. Engagement Initiation
    Upon either verbal agreement, or signing of the statement of work, the engagement will commence. Testing requirements that were requested should be provided to ZX Security at this stage.
  4. Penetration Testing
    ZX Security will perform testing using industry recognised testing methodologies to deliver the outcome of the engagement. Any high-risk issues that are identified during the course of testing will be escalated to the project owner as soon as they are discovered. This allows for both prompt resolution and the ability for the client to react quickly and resolve a risk before it becomes an incident.
  5. Project Management
    If agreed with the customer, project management resources may be brought in to ensure testing requirements have been provided, activities are tracked and the overall project status reported upon.
  6. Integration with Bug Tracking
    As an optional extra, ZX Security can integrate with your bug tracking system (e.g. Jira) to lodge security issues as they are identified.
  7. Report Delivery
    A report will be delivered to the customer outlining the findings from the ZX Security engagement.
  8. Follow-up Meeting
    If requested by the client, a follow-up meeting can be scheduled to go over the findings, often with the developers in attendance. This service is provided free of charge.
  9. Feedback and Continuous Improvement
    A feedback survey will be sent to capture the customer's overall experience with ZX Security from engagement start to end.
  10. Invoicing
    ZX Security will invoice the customer for the work undertaken.