Hero Layer Right

Objective-Based Penetration Testing (OBPT)

Overview

The Objective-Based Penetration Test (OBPT) is a bundle that includes our thorough Infrastructure Penetration Testing service offering. OBPT adds context and specific testing for  more goal-oriented security. Define your goals, such as gaining access to your most critical data or domain admin, and our ethical hackers will provide a narrative of how an attack was carried out and the methods used. This will enable your in-house team to identify and address any security vulnerabilities. OBPT is a comprehensive penetration test that includes adversary simulation for added security assistance.

What you'll get:
  • Social engineering scoped to your preferences (phishing, vishing, tailgating, device drops)

  • Active directory assessment to identify weaknesses in passwords and configurations

  • Ransomware assessment that will identify potential impacts of a ransomware attack with the current configuration and security controls

  • A thorough penetration test across your infrastructure

Why conduct Objective-Based Penetration Testing?

Answer the "what if"
  • Identify how far a compromised credential can take an attacker. We test captured credentials against externally exposed assets as part of our phishing (e.g., emails, VPNs, and management portals)

  • Test end-point anti-malware capability against ransomware propagation techniques to identify if your controls are capable and configured correctly

Attack narrative
  • Set specific goals you would like the ethical hacker to target within your environment (including people)

  • Narratives are constructed to demonstrate the business impact of the objective being completed and helps senior leadership understand risks without the technical jargon.

Coverage-based approach
  • Leverage the Infrastructure Penetration Test results to target the achieved objectives that are then chained back to the respective findings to connect the dots

  • Identify threats to a single compromised password or internal end-point

Reduce the risk of a breach with an objective-based approach

Service highlight icon for access control
Secure information

Approach an objective from all angles to ensure that information remains secure.

Service highlight icon for Information Security Incident Management
Accurate simulation

We simulate the attacks launched by a malicious party, both internally and externally.

Service highlight icons for Document and draft report outlining key observations
Detailed report after testing period

Attack narratives outline how a particular objective was obtained.

Compromise assessment icon
Strategic security recommendations

High-level assessment with recommendations to improve security posture.

What People Say About Us

Adam B.

During the test the engineer assigned to our case would notify us of any high-priority findings with detailed explanations of the risks right away. They were also quickly responsive to our emails during the test.

- Adam B.
  V.P. Engineering

Anonymous

PacketLabs gives the partner peace of mind and reassurance that their cybersecurity needs taken care of. Their team is full of experts who go above and beyond the scope of the engagement.

- Anonymous
  Director of IT

Charlene

The result report was easy to follow and insightful, with recommendations on risk exposure and remediation. We would definitely recommend working with PacketLabs.

- Charlene
  Small Business Owner

Anonymous

Our experience with Packetlabs was very positive. They offer excellent service, communicated clearly with us throughout the process, and were very accomodating regarding our timelines. We highly recommend Packetlabs.

- Anonymous
  Human Resources

Ian W.

Since engaging Packetlabs, we've been confident in our ability to bid for Pentest engagements no matter the scenario, environment or requirement - they've made the whole process of scoping, quoting, and delivering (on time and on budget) seamless.

- Ian W.
  Security Sales Specialist

Anonymous

They shared the results with us in a management report. We discussed all the findings and how we could fix them in meetings, and they also provided us with optional solutions. They did everything remotely.

- Anonymous
  IT Infrastructure Manager

Anonymous

The team worked quickly to identify any issues, write up reports, and offer recommendations. Their friendliness set them apart and made them more of a partner than merely a service provider.

- Anonymous
  IT Director

Anonymous

Thanks to Packetlabs Ltd.'s excellent cybersecurity efforts, the company was able to resolve its vulnerabilities and establish its secure VPN tunnel. Their responsiveness and diligence were hallmarks of their work.

- Anonymous
  Manager

Anonymous

After performing extensive tests, Packetlabs Ltd. produced a thorough report that explained any potential security flaws. Accommodating schedule changes, the team supported effective collaboration.

- Anonymous
  Project Manager, ECEBC

Anonymous

Packetlabs Ltd. successfully identified new and preexisting issues, making it easy for the client to resolve them. The team often went above and beyond to explore issues further and provide valuable information for the client.

- Anonymous
  Sr Director Technology

Anonymous

From the first phone call to the tech interview and progress updates, they have demonstrated a complete understanding of our needs, are very proactive and responsive, and have clear communication.

- Anonymous
  Small Business Owner

Anonymous

Packetlabs Ltd. delivered exactly as requested, meeting the objectives of the project. Not only was the team able to complete the analysis quickly, but they were also open and honest throughout the entire process.

- Anonymous
  VP Engineering & Founder

OBPT Service Highlights

Service highlight icons for Infrastructure
Infrastructure

Get a thorough infrastructure penetration test

Service highlight icons for Social Engineering
Social Engineering

Choose one, or all of the following: phishing, vishing, tailgating, and device drops.

Service highlight icons for Device Planting
Device Planting

Test how your facility's network would respond to a new device being connected

Service highlight icons for Application
Application Testing

Can include application penetration testing

Service highlight icons for E-mail Phishing
E-mail Phishing

Identify where an attacker may be able to exploit a credential or an endpoint

Service highlight icons for Tailgating
Tailgaiting

Test physical controls to see if anyone can get on-site to your facilities

Service highlight icon for Wireless
Wireless

Test your wireless configuration and password

Service highlight icons for Usb Device Drops
USB Device Drops

Determine whether a user would plug in an unknown USB to their computer

Service highlight icons for Card Cloning
Card Cloning

Test your access badges for replay attacks and cloning

Objective-Based vs Infrastructure Penetration Testing

Objective-Based Penetration Testing

Infrastructure Penetration Testing

Foundational Assessment

Yes

Yes

Network Security

Yes

Yes

System Hardening

Yes

Yes

OS and 3rd Party Patching

Yes

Yes

Authentication Attacks

Yes

Yes

Cryptography Attacks

Yes

Yes

Email Phishing

Yes

No

Ransomware Assessment

Yes

No

Active Directory Audit

Yes

No

Active Directory Password Audit

Yes

No

Antivirus Bypass

Yes

No

Adversary Simulation

Yes

No

Physical Security Attacks

Yes

No

Social Engineering (Phone/In-Person)

Yes

No

Download Resources

OBPT Report Cover
OBPT Sample Report

Packetlabs’ OBPT methodology evaluates the security controls across people, processes and technology in order to identify potential areas of weakness.

Download Sample Report
OBPT Methodology

Simulate real-world, covert, goal-oriented attacks to answer the 'what if' of how far a compromised credential can take an attacker.

Download Methodology
Penetration Testing Buyer's Guide

Download our buyer’s guide to learn everything you need to know to successfully plan, scope and execute your penetration testing projects.

Download Guide

Frequently Asked Questions

What is an Objective-based Penetration Test, and at what stage is the organization ready for this approach?

Certifications

icon
PEN 200 OSCP Logo
PEN 300 OSEP Logo
PEN 210 PSWP Logo
EXP 301 OSED Logo
WEB 300 OSWE Logo
CISSP Security Logo
GWAPT GIAC Web Application Penetration Tester
GMOB GIAC Mobile Device Security Analyst
GSNA GIAC Systems and Network Auditor Logo
GXPN GIAC Exploit Researcher and Advanced Penetration Tester Logo
GHIC GIAC Certified Incident Handler Logo
icon
icon
CISA Logo
Offensive Security Logo

Featured Posts

See All

- Blog

Q-Day And Harvest-Now-Decrypt-Later (HNDL) Attacks

Prime your knowledge about post-quantum encryption and risks it creates today via Harvest-Now-Decrypt-Later (HNDL) attacks.

- Blog

The Price vs. Cost of Dark Web Monitoring

Learn more about the price vs. cost of Dark Web Monitoring in 2024, as well as the launch of Packetlabs' Dark Web Investigators.

- Blog

What Are MFA Fatigue Attacks?

What are MFA fatigue attacks? As a new social engineering technique designed to help hackers circumvent MFA, organizations need to understand how they work, how to identify them, and prevent them.

Industries We Serve

Ready to get started?

There's simply no room for a compromise. We’re here to help. Our team works with yours to ensure you reach your full security potential.