Network Security Audits

Our SSL/TLS vulnerability audits include scanning for:

OpenSSL Heartbleed: The Heartbleed vulnerability affects all web servers that use OpenSSL versions 1.0.1-1.0.1f and permits an attacker to read up to 64k of server memory.

SSLv3 POODLE: This vulnerability may allow an attacker who is already man-in-the-middle (at the network level) to decrypt the static data from an SSL communication between the victim user and a vulnerable server. The attacker will probably try to obtain the HTTP cookies or other static data.

OpenSSL DROWN: The DROWN attack (Decrypting RSA With Obsolete and Weakened Encryption) can decrypt modern TLS sessions between a client and a server if that particular server (or another server that shares the same SSL certificate) supports SSLv2 cipher suites.

TLS ROBOT Attacks: The Return Of Bleichenbacher’s Oracle Threat (ROBOT) Attack is a variation of the classic Bleichenbacher attack against RSA – which is one of the encryption methods used by TLS. A successful attack permits an attacker to decrypt the communication between a user and a server if this communication was encrypted with an RSA cipher.

We detect open TCP/UDP ports, running services (including their versions) and does OS fingerprinting on a target IP address or hostname.

We map your network perimeter, check firewall rules and verify if your services are reachable from the Internet. Based on Nmap, it performs accurate port discovery and service detection.

The main advantage of using an online version of the Nmap port scanner versus using it on your local machine is that it gives you an external view of your systems as they are seen by any hacker from the Internet. If you do the same scan from your internal network you may obtain different results because of various firewalls and network restrictions. Furthermore, our port audits are:

• Already configured and ready to run
• Periodically upgraded
• Gives you a useful report that you can share with management or stakeholders

Even though UDP services are less popular than TCP services, having a vulnerable UDP service exposes the target system to the same risk as having a vulnerable TCP service.

Hence, discovering all open UDP ports is important in a penetration test for achieving complete coverage of the security evaluation.

Behind the curtains, Nmap sends UDP packets to each port specified in the parameters. If the target responds with ‘ICMP port unreachable’, Nmap can be sure that the port is closed. Otherwise (no response received), the scanner cannot know if the port is open, firewalled or if the packet was lost on the way. In this case, Nmap will show you the status open|filtered for that port.

Our password auditor is an autonomous password auditing solution for network services and web applications.

Its purpose is to automate the manual work performed when using tools such as Medusa, Hydra or Ncrack by automatically detecting the services which require authentication and launching the password audit with the right parameters.

One of the unique advantages of our tool is that it automatically detects web forms in web applications and it automatically attempts to login with default and weak credentials. It has the capability to detect if a web form authentication was performed with success or not.

As a result, you can easily find web interfaces with weak passwords (ex. Jenkins, Tomcat, PhpMyAdmin, Cisco routers, etc) together with network services as SSH, FTP, MySQL, etc, having default credentials.

Subdomain Takeover is a type of vulnerability which appears when an organization has configured a DNS CNAME entry for one of its subdomains pointing to an external service.

Examples include: Heroku, Github, Bitbucket, Desk, Squarespace, Shopify, etc but the service is no longer utilized by that organization.

An attacker could register to the external service and claim the affected subdomain.

As a result, the attacker could host malicious code (ex. for stealing HTTP cookies) on the organization’s subdomain and use it to attack legitimate users.

DNS servers should not permit zone transfers towards any IP address from the Internet.

Since zone files contain complete information about domain names, subdomains and IP addresses configured on the target name server, finding this information is useful for increasing your attack surface and for better understanding the internal structure of the target company (ex. find test servers, development servers, hidden domains, internal ip addresses, etc)

Information gathered from zone files can be useful for attackers to implement various attacks against the target company, like targeting test or development servers which are less secure.