pentest service

Home » Cybersecurity Services » Penetration Test Service

บริการทดสอบเจาะระบบ และ จำลองการโจมตีทางไซเบอร์ 🇹🇭

What you need to understand first about penetration test service, especially from CYNIUS, is it has 2 primary goals.

First is to ASSESS your cyber-systems for associated attack paths so that you can strategically response to threats associated with each path. You can incorporate the result into your Cyber Risk Assessment process.

Secondly, after any control or remediation effort has been implemented, the service can ASSURE your solutions are effective, therefore compliance with your chosen or regulatory body is achieved.

Our service is the simulation of Advanced Persistent Threat (APT) level. The service does not tie to scanning tools and requires testers’ cutting-edge and out-of-the-box methodology that properly models cyber-threat against your business.

If you are looking for merely a checklist assessment or a vendor that would just handed you a tool-scanned report and call it a “Pentest Report” then we are not the right fit. We do not provide such solution for you.

Our Approach

Edge, expertise, experience and hacker mindset are believe to be essential for a penetration tester. While we, as a team, possess all that qualities, they are not what gets the job done as a penetration tester (Pentester).

Pentesters face limitations real threat actors do not, may it be time or money (you do not plan to spend infinite money on a pentest project, do you?). So we channel our inner hackers through processes derived from industry accepted methodologies to achieve assessment and assurance outcomes in the most efficient way possible.

Penetration Test, Cyber Attack Simulation, MITRE ATT&CK, PTES, ทดสอบเจาะระบบ, Red Teaming, Purple Teaming, i-Pentest

Pre-Engagement : Understanding your pain point(s) and define the Rule of Engagement (RoE) together are imperative. As mentioned earlier we need to address your and your stakeholders concern with definite resource and time.

Reconnaissance/Intelligence Gathering : Depends on the context of the test, this phase aims to gather relevant information about the Target of Evaluation (ToE). So that we understand all or most relevant paths (i.e. attack surface) that can be used to gain access to the ToE.

Threat Modelling : We model possible threat events using information obtained from the previous phase to plan for the attack (penetration test)

Vulnerability Analysis : We identify, scan for, and analyze potential vulnerabilities associated with each attack path that could realize the threat events identified earlier. At the same time, we prepare and calibrate our tools or create a new ones if need to.

Exploitation : We perform various actual attacks prepared in the earlier phase and refine our approach as appropriate. Any successful attack will be recorded with their root cause or vulnerability.

Post-Exploitation : We assess how a successful exploitation impact the ToE. Generally, we classify the impact in term of Disclosure, Alteration, and Destruction (DAD). DAD is the opposite of CIA (Confidentiality, Integrity, and Availability). We also calculate and assign risk level to each of our finding. Our risk rating methodology is qualitative and derived from NIST SP 800-30 Rev. 1Guide for Conducting Risk Assessments.

Reporting : Finally, we communicate our findings to the client and prepare detailed penetration test report. The key point is we make sure every critical stakeholder understands and is informed with actionable information. We will be with you until you are sure that your obligations are fulfilled, this is our obligation.

Our Team

Black Dragon Team® members are providing penetration test service. You might want to check them out, they’re cool. The point is that you are going to work with the team that dedicate themselves to cyberspace with proven skillset, experience and determination.

Moreover, our position in the industry is to be the trusted advisor that guide our clients (partners) through the darkness of cyberspace.

Ready to be the chosen one and win the cybersecurity arena?