Advanced Penetration Testing For High Security Environments

For entities whose wireless networks are accessible to potentially malicious actors, Comodo Dragon Labs can perform wireless penetration testing. This includes any organization that provides public, guest, or temporary Wi-Fi access and who’s wireless network is used for the transmission of sensitive data or is connected to an internal network.

Are your data assets that are available on your internal network valuable enough for a determined advisory to send a malicious actor into your organization? For those organizations that do indeed face such a threat, Comodo Dragon Labs can perform an internal assessment. After learning the requisite skills and applying successfully for a position within the organization (or gaining physical access employing some similar arrangement with upper management such as a consulting role) our team member will surreptitiously assess any internal networks to which his workstation can connect. Direct, face to face social engineering of employees or security personnel as well as unauthorized physical access to restricted areas such as server rooms may also be performed.

The estimate of data-breach frequency has been a reality for some time now. As such, better coding and software security standards have evolved. This makes web, application, and network-based attack vectors less common and more difficult to exploit successfully. In response, attackers have turned to other methods of compromise such as social engineering. Per Wikipedia “Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.” Attacks come in many forms, all which Comodo Dragon Labs can execute.

In a phishing campaign, an email containing content designed to manipulate and/or send a malicious payload to many recipients at a target organization. Following the instructions or performing an action (such as clicking a link or running a macro) will give an attacker control of the victim’s workstation. Comodo Dragon Labs hackers’ skill sets are not limited solely to technology. We seek and employ only individuals with diverse interests and backgrounds, especially those with experience in the Arts. This provides the strong creativity required to devise an email related to a target organization’s industry or sector that will not simply promise some random reward for clicking a link but rather vastly increase the likelihood of targeted users’ falling prey.

In some cases, a target entity’s data assets are sufficiently attractive to attackers that they will spend the time and effort to target specific individuals within an organization with phishing emails designed specifically for them. After gathering intelligence against a individual, an email tailored to their interests, traits, or habits will be crafted and sent. This attack vector, although time-consuming, is extremely effective.

Mature environments’ IT infrastructures have been thoroughly tested and their security teams are highly accomplished at maintaining their security stacks. Software is kept up to date and secure with effective patch management strategies at every level. Servers are scanned regularly for vulnerabilities, workstations run the latest endpoint protection and most phishing attacks are thwarted by effective albeit resource-intensive anti-spam solutions. Comodo Dragon Labs team members are not solely technology experts. Our backgrounds include military, intelligence, and prior relationships with law enforcement. Our tradecraft includes fully undetectable accents in three widely spoken Western languages as well as very strong telephone and public speaking skills. For those organizations that face this category of threat, we’ll phone you.

For entities whose threat models include highly determined adversaries with considerable resources in addition to wide skill sets and where the physical security of their data assets is a concern, Comodo Dragon Labs can provide physical penetration testing. Whether through personal effectiveness, interaction and intercession skills used for face to face social engineering or over 40 years experience in black bag operations and extensive training in physical penetration and electronic access control hacking, if your organization faces a physical threat, we can simulate it.

For entities, such as utilities, transportation centers, medical facilities or any other whose industrial systems include supervisory control and data acquisition systems, the Dragon Labs team has training and experience for assessing their security. From business analysis and target selection to direct manipulation of controller environments, we can assess the overall security of your industrial infrastructure with minimal or no business impact. Unlike the other categories described above, we limit our level of exploitation to proof-of-concept.