Objective-Based Penetration Testing (OBPT)

The Objective-Based Penetration Test (OBPT) is a bundle that includes our thorough Infrastructure Penetration Testing service offering. OBPT adds context and specific testing for more goal-oriented security. Define your goals, such as gaining access to your most critical data or domain admin, and our ethical hackers will provide a narrative of how an attack was carried out and the methods used. This will enable your in-house team to identify and address any security vulnerabilities. OBPT is a comprehensive penetration test that includes adversary simulation for added security assistance.
What you'll get:
Social engineering scoped to your preferences (phishing, vishing, tailgating, device drops)
Active directory assessment to identify weaknesses in passwords and configurations
Ransomware assessment that will identify potential impacts of a ransomware attack with the current configuration and security controls
A thorough penetration test across your infrastructure
Identify how far a compromised credential can take an attacker. We test captured credentials against externally exposed assets as part of our phishing (e.g., emails, VPNs, and management portals)
Test end-point anti-malware capability against ransomware propagation techniques to identify if your controls are capable and configured correctly
Set specific goals you would like the ethical hacker to target within your environment (including people)
Narratives are constructed to demonstrate the business impact of the objective being completed and helps senior leadership understand risks without the technical jargon.
Leverage the Infrastructure Penetration Test results to target the achieved objectives that are then chained back to the respective findings to connect the dots
Identify threats to a single compromised password or internal end-point
Approach an objective from all angles to ensure that information remains secure.
We simulate the attacks launched by a malicious party, both internally and externally.
Attack narratives outline how a particular objective was obtained.
High-level assessment with recommendations to improve security posture.
Get a thorough infrastructure penetration test
Choose one, or all of the following: phishing, vishing, tailgating, and device drops.
Test how your facility's network would respond to a new device being connected
Can include application penetration testing
Identify where an attacker may be able to exploit a credential or an endpoint
Test physical controls to see if anyone can get on-site to your facilities
Test your wireless configuration and password
Determine whether a user would plug in an unknown USB to their computer
Test your access badges for replay attacks and cloning
Packetlabs' OBPT methodology evaluates the security controls across people, processes and technology in order to identify potential areas of weakness.
Simulate real-world, covert, goal-oriented attacks to answer the 'what if' of how far a compromised credential can take an attacker.
Download our buyer’s guide to learn everything you need to know to successfully plan, scope and execute your penetration testing projects.
An objective-based penetration test begins with a comprehensive, coverage-based infrastructure penetration test. It layers on additional components to round off the assessment, and make it far more realistic and thorough to ensure we actually move the needle on security. The objective-based penetration test includes Infrastructure Penetration Testing, an Active Directory Password Audit, Active Directory Bloodhound Audit, e-mail phishing, advanced simulation of your top five objectives (e.g., obtain access to ERP, obtain administrative control over the target network, etc.) and more.
We recommend the objective-based penetration test as the initial approach for most organizations because it helps prioritize your path to low risk across people, processes and technology. It also helps evaluate the responsiveness of your blue team!
Explore more questions
Retail/Ecommerce Finance Government Education Technology Healthcare Utilities/Energy
There's simply no room for a compromise. We’re here to help. Our team works with yours to ensure you reach your full security potential.
During the test the engineer assigned to our case would notify us of any high-priority findings with detailed explanations of the risks right away. They were also quickly responsive to our emails during the test.