Detailed Methodology

All of our penetration testing service offerings follow a reliable, repeatable, and highly tested proprietary methodology. The Emerging Defense methodology is designed to ensure that each and every assessment is performed to the Emerging Defense standard and produces valuable, actionable results regardless of the practitioner or target environment.

Phase I: Threat Profiling

Relevant Threats:
Ensure that testing activities accurately simulate real-life threats to the organization, taking into account a client’s particular business, industry, business partners, infrastructure/location, and size

Applicable Testing Scenarios:
Leverage our industry experience and research to develop high-level assessment objectives with a tailored strategy that balances testing activities and risk tolerance appropriately for an organization

Phase II: Target Identification

Enumerate the target footprint through black-box attacker techniques with no prior knowledge of the environment

Establish a cursory list of all device purposes and hosted services for prioritization

Phase III: Vulnerability Identification

Manual Analysis:
Perform covert manual testing to uncover high-impact vulnerabilities

Attack Simulation:
Take covert testing measures to circumvent or elude any intrusion detection systems (IDS) that may be in place, so that systems staff are not alerted to the testing and the IDS and response procedures can be assessed at the same time

Baseline Analysis (by request):
Identify any remaining known public and low-risk vulnerabilities through a limited automated overview

Phase IV: Intrusion Testing

Exposure Exploitation (optional):
Leverage vulnerability identification data to iteratively and progressively exploit vulnerabilities with the intent of gaining unauthorized access to data, systems, or networks

Impact Demonstration and POC:
Demonstrate, through proof of concept (optional), and document the associated real-life organizational impact of the exploitation of all identified vulnerabilities

Phase V: Recommendations

Risk Rating Identification:
Categorize assessment findings and assign each finding a comprehensive risk rating from Emerging Defense’s proprietary risk matrix (Emerging Defense Risk Matrix)

Quick-Fix Solutions:
Provide quick-fix technical solutions for IT staff remediation of point-in-time vulnerabilities identified during the assessment

Strategic Solutions:
Provide high-level strategic recommendations with an accompanying root cause analysis to prevent the recurrence of categorical assessment findings


