The Objective-Based Penetration Test (OBPT) is a bundle that includes our thorough Infrastructure Penetration Testing service offering. OBPT adds context and specific testing for more goal-oriented security. Define your goals, such as gaining access to your most critical data or domain admin, and our ethical hackers will provide a narrative of how an attack was carried out and the methods used. This will enable your in-house team to identify and address any security vulnerabilities. OBPT is a comprehensive penetration test that includes adversary simulation for added security assistance.
Social engineering scoped to your preferences (phishing, vishing, tailgating, device drops)
Active directory assessment to identify weaknesses in passwords and configurations
Ransomware assessment that will identify potential impacts of a ransomware attack with the current configuration and security controls
A thorough penetration test across your infrastructure
Identify how far a compromised credential can take an attacker. We test captured credentials against externally exposed assets as part of our phishing (e.g., emails, VPNs, and management portals)
Test end-point anti-malware capability against ransomware propagation techniques to identify if your controls are capable and configured correctly
Set specific goals you would like the ethical hacker to target within your environment (including people)
Narratives are constructed to demonstrate the business impact of the objective being completed and helps senior leadership understand risks without the technical jargon.
Leverage the Infrastructure Penetration Test results to target the achieved objectives that are then chained back to the respective findings to connect the dots
Identify threats to a single compromised password or internal end-point
Approach an objective from all angles to ensure that information remains secure.
We simulate the attacks launched by a malicious party, both internally and externally.
Attack narratives outline how a particular objective was obtained.
High-level assessment with recommendations to improve security posture.
Get a thorough infrastructure penetration test
Choose one, or all of the following: phishing, vishing, tailgating, and device drops.
Test how your facility's network would respond to a new device being connected
Can include application penetration testing
Identify where an attacker may be able to exploit a credential or an endpoint
Test physical controls to see if anyone can get on-site to your facilities
Test your wireless configuration and password
Determine whether a user would plug in an unknown USB to their computer
Test your access badges for replay attacks and cloning
Objective-Based Penetration Testing | Infrastructure Penetration Testing | |
---|---|---|
Foundational Assessment | Yes | Yes |
Network Security | Yes | Yes |
System Hardening | Yes | Yes |
OS and 3rd Party Patching | Yes | Yes |
Authentication Attacks | Yes | Yes |
Cryptography Attacks | Yes | Yes |
Email Phishing | Yes | No |
Ransomware Assessment | Yes | No |
Active Directory Audit | Yes | No |
Active Directory Password Audit | Yes | No |
Antivirus Bypass | Yes | No |
Adversary Simulation | Yes | No |
Physical Security Attacks | Yes | No |
Social Engineering (Phone/In-Person) | Yes | No |
Packetlabs ’ OBPT methodology evaluates the security controls across people, processes and technology in order to identify potential areas of weakness.
Download Sample ReportSimulate real-world, covert, goal-oriented attacks to answer the 'what if' of how far a compromised credential can take an attacker.
Download MethodologyDownload our buyer’s guide to learn everything you need to know to successfully plan, scope and execute your penetration testing projects.
Download Guide- Blog
This article will delve into the most common techniques attackers use to transition from their initial breach to achieving their end goals: Privilege Escalation.
- Blog
In today's blog, learn more about how Zero Click cyberattacks are executed without user interaction and why they're difficult to defend against, posing a significant cybersecurity challenge.
- Blog
Beyond technical expertise, cybersecurity leaders need a diverse skill set. Here are the top 10 must-have cybersecurity leadership skills for CISOs in 2024 and beyond.
There's simply no room for a compromise. We’re here to help. Our team works with yours to ensure you reach your full security potential.