Wireless Penetration Testing allows you to identify where
weak points exist in your wireless security.


Wireless Penetration Testing

  • Highly trained and certified wireless specialists
  • Proven penetration testing methodology
  • Covers all wireless technologies
  • Optional on-site retest

Wireless Penetration Testing Service

Wireless Penetration Testing allows you to identify where the weak points in your wireless security are. Numerous ISO standards consider it best practice, and PCI-DSS, the FCA and other regulatory bodies treat it as a requirement of business, to have a Penetration Test carried out at least annually by a competent, independent external third party.

Conducting Penetration Testing against your wireless infrastructure will allow you to ascertain how well protected your wireless users and guests are, and how resistant the infrastructure is to attack.

We carry out a wide variety of attacks against your wireless setup and users in order to isolate potential issues with configuration, security and setup. As with all our penetration testing methods, after completion you'll be provided with a report highlighting all the weaknesses and configuration issues discovered.

Wireless Testing Methodology

Our wireless penetration method covers 3 main areas: Discovery, Assessment and Exploitation.

  • Discovery: We start by exploring the wireless infrastructure, finding out the protocols in use, how the network is configured, the network boundaries and the authentication methods.
  • Assessment: With an understanding of the wireless infrastructure, we can start to probe and test its capabilities to help us identify vulnerabilities in the configuration and setup.
  • Exploitation: Having tested the infrastructure and found any loopholes, we now begin exploiting them with a view to showing you the impact and scope of the issues found and presenting you with a demonstration of our attack method.

We Love Reporting

Reporting is vitally important to every penetration test. We often get asked by clients why one third of the time assigned to a test is dedicated to creating the report, and the answer is simple. The report is the single tangible piece you receive at the culmination of your penetration test.

We approach reporting in a different way to many of our peers. Your main report is split into three sections.

  • Executive Report
  • Technical Report
  • Vulnerability Report

While these three sections constitute the Penetration Test Report, we also provide you with a CSV file containing all the verified vulnerabilities to aid your technical teams in the remediation of the vulnerabilities.

Wherever possible, we also include links to downloadable video files for particular exploits so you can watch the penetration tester performing the exploitation and understand how the exploitation works.

All of this combined provides you with the most comprehensive penetration test report available to date.

Our Methodology

Our methodology is based on the Penetration Testing Execution Standard.

Defining scope is arguably one of the most important components of a Penetration Test, yet it is also one of the hardest. While defining your scope, we will require a technical scoping call between one of our penetration testers (usually the tester who will be doing the work) and your technical team. This is so we can understand what you want testing, what you need testing, the boundaries of the testing and what is within scope. It is also very important to us to discover if there is anything that could be adversely affected by the testing.

We will also look to understand what you want out of the test. Is it a test to satisfy your clients or regulators, etc.? This way we can produce a set of reports following the test that are best suited to your circumstances.

This section defines the Intelligence Gathering activities of a Penetration Test, which are usually carried out as the first activity following the placement of an order. The purpose of this is to provide the tester with a working methodology designed specifically for performing the test. This part of the engagement produces a document that most clients never see, detailing the thought process and goals of the penetration test.

The Intelligence Gathering process can be broken down into the below areas:

Compliance Driven Engagement: This is mainly a click-button information gathering process using a series of automated tools and is done to support tests being undertaken for PCI-DSS / FCA / HIPAA etc.

Best Practice Engagement: A good understanding of the business, including information such as physical location, business relationships, organisation charts etc., is gained and added to the test notes. For physical security testing this would involve reconnaissance on opening hours, the comings and goings of staff and possible methods of entry. This is really valuable when conducting a test against a harder target or a business that is looking to take security and defence to the next level.

Continual Cyber Assurance: These Penetration Tests require greater levels of information and build on the previous two with a lot of manual analysis. Gathering detailed information on social networks, heavy analysis of open source intelligence data sets and a deeper understanding of business relationships are undertaken over a large number of hours to accomplish the gathering and correlation.

Vulnerability Analysis is the process of discovering flaws in systems and applications which can be leveraged by an attacker or your Penetration Tester. These flaws can range anywhere from host and service misconfiguration through to insecure application design. Although the process used to look for flaws varies and is highly dependent on the particular component being tested, some key principles apply to the process.

When conducting vulnerability analysis, the tester will properly scope the testing for applicable depth and breadth to meet the goals and/or requirements documented in the Pre-Engagement scope section of work. Depth values can include such things as the location of an assessment tool, authentication requirements, etc. For example, in some cases it may be the goal of the test to validate that mitigation steps are in place and working, and that the vulnerability is not accessible. In other instances the goal may be to test every variable with authenticated access in an effort to discover all applicable vulnerabilities.

Whatever the scope, the testing is tailored to meet the depth requirements to reach your specified goal. Depth of testing is always validated to ensure the results of the assessment meet the expectation (i.e. did all the machines authenticate, etc.). In addition to depth, breadth must also be taken into consideration when conducting vulnerability testing. Breadth values can include things such as target networks, segments, hosts, applications, inventories, etc. The breadth of testing is always validated to ensure we have met your testing scope (i.e. was every machine in the inventory alive at the time of scanning? If not, why?).

The exploitation phase of a Penetration Test focuses solely on establishing access to a system or resource by bypassing security restrictions. As a considerable amount of vulnerability analysis will have been performed prior, this phase is well planned and precise. The main focus is to identify the main entry point into the organisation and to identify high value target assets.

During this phase we may take on the persona of the main chaotic actors that could affect your business. This may be an external attacker that has gained access and wishes to proceed quietly and unnoticed, or it may be an internal attacker who is not too particular about the amount of noise created. We may even take the persona of malware, simulating a malware attack that was successful in the initial stages following a phishing attack.

The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machine's usefulness in further compromising the network. The methods described in this phase are meant to help the tester identify and document sensitive data, identify configuration settings, communication channels, and relationships with other network devices that can be used to gain further access to the network, and set up one or more methods of accessing the machine at a later time. In cases where these methods differ from the agreed upon Rules of Engagement, the Rules of Engagement must be followed.

This is the most important area for you. This is where we bring together all the information we have gathered into a document. A report is typically split into three parts:

Executive Report: This is a high level non-technical report and delivers the main messages of the test results. This section is heavy on management level terminology, charts and graphs.
Penetration Test Report: This is the critical information around your Penetration Test. Here we document what we did, how we did it and whether or not it was successful.
Technical Report: This is the technical detail on each of the issues found and an overview of how to fix the issue.

Completing the reporting phase can take up to a week as we have a highly robust 3-stage Quality Assurance process.

Frequently Asked Questions

We get a lot of questions asked of us regarding Penetration Testing. We have tried to gather as many of the frequently asked questions together here.

  • Penetration Test or Vulnerability Assessment, I'm confused. What do I need?

    Great question. The vulnerability assessment is akin to looking at a house and writing down the make of the locks and the location of the doors and windows, all the time checking to make sure they are closed and seeing whether they are locked or not. A penetration test will attempt to pick those locks, open the doors and see what is behind them. The good penetration test will also try to build tunnels from the house to their house, create an inventory of all your possessions and many other things besides.

  • I have a mate who can test, what makes you better?

    Almost everyone has a friend, peer or colleague who understands a little about security. We test 7 days a week, 365 days a year and each tester spends a third of their time at conferences, on courses and doing research to stay at the top of their skill set. It is like comparing a race car engineer (the penetration tester) to a car garage engineer (the IT generalist with some tools) to the home garage hobbyist (the friend). Occasionally, the friend will have excellent levels of skills, but this is the exception, not the norm.

  • What tools do you use for a penetration test?

    Our primary "tool" is the Mk1 Human. In our tester's arsenal are over 200 open-source tools bolstered by more than 50 internally developed tools. On an average penetration test, 20% of the tester's time will be spent working with tools. These are important for covering a lot of digital ground in a small amount of time.

  • How often should we have a Penetration Test?

    The best practice guideline is at least annually, but it really depends on what it is you are testing. If your environment is static and does not change, and you perform monthly vulnerability scans, then you are reasonably safe in having a penetration test every three years. If you are including applications that change often within your test scope, then you should be testing those applications separately after development and before UAT.

  • I want a Penetration Test, how much will it cost?

    In order to determine the cost, we need to have a discussion about the scope. While some firms will give you a quote blind, it is like asking a painter to paint a building in London without knowing which building and what type of paint. There are a lot of variables and these can only be fleshed out via a scoping conversation with one of our test team leaders.

  • How do we know you are any good?

    For the first engagement this is always a worry for clients. We are a CREST member company with a number of OSCP and OSCE qualified staff. Our engineers have a wide variety of experience covering multiple disciplines. Have a look at our testimonials to see what our clients think. But the main thing is we actually care about our clients and their security.

  • When do you issue the certificate?

    We typically issue the certificate after we perform the re-test, if included. This allows you to fix any issues we identify in the initial penetration test.