Cyber Security Services
SUMMIS Global can deploy anywhere in the UK, 24hrs a day, 365 days a year and worldwide at short notice
Summis Global Cyber Security Team
The Summis Global Cyber Security Team has extensive experience of working across broad range of e-business technologies in a global environment. We provide cyber red team, penetration testing and vulnerability assessments to a diverse range of public sector organisations from major telecommunications providers to television production companies. Our customers trust us to safeguard their information and business reputation, both from inadvertent compromise and malicious attacks
Through the use of strict state-of-the-art professional “hands-on” processes and procedures we are able to conduct all technical aspects of computer security, red teaming, penetration testing and vulnerability analysis from an external (Internet) and internal (Intranet) perspective.
The team maintains an extensive toolkit of commercial and proprietary tools. Using these tools and the experience of our team, vulnerabilities and exposures will be reported in the most appropriate and succinct manner, while removing as many ‘false positives’ from the final results, to allow the customer to focus on the real issues without distractions and wasted effort.
Our consultants are highly skilled and have passed several industry-related certifications such as CISSP, OSCP and OSCE.
Cyber Red Team
- Perform extensive open source intelligence gathering to identify Internet facing systems, physical locations and people of interest within the organisation
- Using intelligence gained to identify possible attack vectors
- Perform external electronic attacks with the intention of compromising externally facing infrastructure to gain access to the internal network. These attacks include:
- Web application hacking
- Network infrastructure hacking
- Exploitation of Cloud services
- Email, SMS and voice phishing campaign
- In collaboration with the Summis Physical Security team perform reconnaissance and surveillance against a client’s offices to identify security controls and possible ingress points
- Exploit physical and social vulnerabilities to gain access to client premises (RFID cloning, tailgating, lock exploitation etc.)
- Deploy devices on to the internal network to use as a secure jump off point to aid in further network exploitation activities. These activities could include the following:
- Simulate the presence of an Advanced Persistent Threat on the internal network.
- Establish command and control
- User privilege escalation
- Safe network exploitation
- Expand the sphere of influence and gain control of key infrastructure (Active Directory, backups, email and file servers etc.)
- Exfiltration of customer data
- Working as a malicious employee within an organisation to identify internal weaknesses
- Perform discreet network reconnaissance
- Deploy hardware devices on to the internal network (Dropbox, hardware keylogger)
- Gain unauthorised access to various systems, networks or applications
- Attain access to business sensitive information and user credentials
- Safely exploit verified network vulnerabilities
- Get unauthorised physical access (server rooms, CEO’s office, boardrooms etc.)
- Install discreet video and audio listening devices in sensitive locations
- Network and infrastructure vulnerability assessment:
- Perform network reconnaissance
- Enumeration of live hosts
- Analyse for potential vulnerabilities
- Test for possible configuration errors
- Attempt manual safe exploitation
- Web application assessment
- Security evaluation of client web sites and applications
- Identification of web vulnerabilities such as:
- SQL and Command Injection
- Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
- Weak authentication and poor session management
- Separation of privilege
- Forced browsing
- Exposure of sensitive data
- Reverse Engineering and black box testing of closed source software to identify previously unknown vulnerabilities.
- Source code audit to identify software security vulnerabilities.