In this stage we perform detailed reconnaissance about the application, its architecture, features and security controls. Certain inputs are also sought from the Devt. team.

Based on the information collected we devise a full scale “Red Team” approach to mimic real time attacks. To minimise the impact we plan the attack, either on dummy environment or during times of lowest network activity (lowest traffic).

In this stage, we run vulnerability scanners to look for possible vulnerabilities and common vulnerabilities related to the platform, APIs, technology framework etc.

Here we run exploits on the application to evaluate its security. We use custom scripts, open source exploits and in-house tools to achieve high degree of penetration.

We generate concise and succinct reports of vulnerabilities discovered along with discussion on the nature of vulnerability, its impact, threat level and recommendation to remove the vulnerability.

Our technical experts discuss the report, along with bugs found, and their impact scenario with the development team of the client. Comprehensive discussions are carried out on how to remove vulnerabilities and harden the application.

Effective communication with the client organization is emphasized here to create an operating environment comfortable to both parties. During this phase, we accomplish all of the following:

• Outline which assets of the organization are open to be scanned and tested.
• Discuss exclusions from the assessment, such as specific IP addresses or services
• Confirm the official testing period and timezones, if relevant

Xcellhost ’ pentester collect as much information as they can on the target, employing a myriad of OSINT (Open Source Intelligence) tools and techniques. The gathered data will help us to understand the operating conditions of the organization, which allows us to assess risk accurately as the engagement progresses. Targeted intelligence might include:

• External network IP Addresses and Hosting Providers
• Known credential leaks
• Domains in use by the organization
• Misconfigured web-servers and leaked data
• Misconfigured web-servers and leaked data

In this phase, we utilize a variety of automated tools and scripts among other methods of advanced information gathering. We also take the time to closely examine all possible attack vectors. In the next stage, this gathering and planning will be the basis for our exploitation attempts.

• Enumerating subdomains and directories
• Open ports or services
• Checking possible misconfigurations against cloud services
• Correlating publicly and proprietary vulnerabilities with applications on the network

After careful preparation, focus turns to exploiting the discovered network vulnerabilities. Xcellhost engineers begin working to prove the existence of conceptual attack vectors while preserving the integrity of the network. At this point in the engagement, we begin the following tasks

• Compromising sandboxes and test environments
• Using breached credentials or brute force to access privileged information
• Combining attack vectors to pivot across the network or escalate our position in it

Reporting is critical to the success of the assessment, as it provides the lasting documentation to share with management and vendors. Each report is customized to the specific scope of the assessment and risk based on the individual organization. The reports are intuitive to read, but thorough in the findings. In addition, each vulnerability includes a detailed remediation strategy. Some of the elements that you will find in our reports include:

• An executive summary for strategic direction
• A walkthrough of technical risks
• Multiple options for vulnerability remediation
• The potential impact of each vulnerability

As an additional service, Xcellhost Security Labs will revisit an assessment after an organization has had some time to patch vulnerabilities. We will retrace our steps from the engagement to ensure changes were implemented properly.

Our engineers will also search for new vulnerabilities associated with the updates, such as misconfigurations in the network or flaws in a new software implementation. At this point, we will update our previous assessment to reflect the new state of the system.