Objective-Based Penetration Testing (OBPT)

overview

Overview

The Objective-Based Penetration Test is a bundle that’s offered on top of our thorough Infrastructure Penetration Testing service offering. It adds context and specific testing that makes it much more comprehensive. You set objectives (such as access to your most critical data or domain admin), and our ethical hackers will provide the attack narrative of how it was achieved. It's a comprehensive penetration test that incorporates adversary simulation.

What you'll get:

  • Social engineering scoped to your preferences (phishing, vishing, tailgating, device drops)

  • Active directory assessment to identify weaknesses in passwords and configurations

  • Ransomware assessment that will identify potential impacts of a ransomware attack with the current configuration and security controls

  • A thorough penetration test across your infrastructure

Why conduct Objective-Based Penetration Testing?

Answer the "what if"

  • Identify how far a compromised credential can take an attacker. We test captured credentials against externally exposed assets as part of our phishing (e.g., emails, VPNs, and management portals)

  • Test end-point anti-malware capability against ransomware propagation techniques to identify if your controls are capable and configured correctly

Attack narrative

  • Set specific goals you would like the ethical hacker to target within your environment (including people)

  • Narratives are constructed to demonstrate the business impact of the objective being completed and helps senior leadership understand risks without the technical jargon.

Coverage-based approach

  • Leverage the Infrastructure Penetration Test results to target the achieved objectives that are then chained back to the respective findings to connect the dots

  • Identify threats to a single compromised password or internal end-point

Reduce the risk of a breach with an objective-based approach

  • icon

    Secure information

    Approach an objective from all angles to ensure that information remains secure.

  • icon

    Accurate simulation

    We simulate the attacks launched by a malicious party, both internally and externally.

  • icon

    Detailed report after testing period

    Attack narratives outline how a particular objective was obtained.

  • icon

    Strategic security recommendations

    High-level assessment with recommendations to improve security posture.

    Packetlabs Ltd. delivered exactly as requested, meeting the objectives of the project. Not only was the team able to complete the analysis quickly, but they were also open and honest throughout the entire process.

    Read More  
  • Anonymous
    • Anonymous
    • VP Engineering & Founder

    During the test the engineer assigned to our case would notify us of any high-priority findings with detailed explanations of the risks right away. They were also quickly responsive to our emails during the test.

    Read More  
  • Adam B.
    • Adam B.
    • V.P. Engineering

    PacketLabs gives the partner peace of mind and reassurance that their cybersecurity needs taken care of. Their team is full of experts who go above and beyond the scope of the engagement.

    Read More  
  • Anonymous
    • Anonymous
    • Director of IT

    The result report was easy to follow and insightful, with recommendations on risk exposure and remediation. We would definitely recommend working with PacketLabs.

    Read More  
  • Charlene
    • Charlene
    • Small Business Owner

    Our experience with Packetlabs was very positive. They offer excellent service, communicated clearly with us throughout the process, and were very accomodating regarding our timelines. We highly recommend Packetlabs.

    Read More  
  • Anonymous
    • Anonymous
    • Human Resources

    Since engaging Packetlabs, we've been confident in our ability to bid for Pentest engagements no matter the scenario, environment or requirement - they've made the whole process of scoping, quoting, and delivering (on time and on budget) seamless.

    Read More  
  • Ian W.
    • Ian W.
    • Security Sales Specialist

    They shared the results with us in a management report. We discussed all the findings and how we could fix them in meetings, and they also provided us with optional solutions. They did everything remotely.

    Read More  
  • Anonymous
    • Anonymous
    • IT Infrastructure Manager

    The team worked quickly to identify any issues, write up reports, and offer recommendations. Their friendliness set them apart and made them more of a partner than merely a service provider.

    Read More  
  • Anonymous
    • Anonymous
    • IT Director

    Thanks to Packetlabs Ltd.'s excellent cybersecurity efforts, the company was able to resolve its vulnerabilities and establish its secure VPN tunnel. Their responsiveness and diligence were hallmarks of their work.

    Read More  
  • Anonymous
    • Anonymous
    • Manager

    After performing extensive tests, Packetlabs Ltd. produced a thorough report that explained any potential security flaws. Accommodating schedule changes, the team supported effective collaboration.

    Read More  
  • Anonymous
    • Anonymous
    • Project Manager, ECEBC

    Packetlabs Ltd. successfully identified new and preexisting issues, making it easy for the client to resolve them. The team often went above and beyond to explore issues further and provide valuable information for the client.

    Read More  
  • Anonymous
    • Anonymous
    • Sr Director Technology

    From the first phone call to the tech interview and progress updates, they have demonstrated a complete understanding of our needs, are very proactive and responsive, and have clear communication.

    Read More  
  • Anonymous
    • Anonymous
    • Small Business Owner

    Packetlabs Ltd. delivered exactly as requested, meeting the objectives of the project. Not only was the team able to complete the analysis quickly, but they were also open and honest throughout the entire process.

    Read More  
  • Anonymous
    • Anonymous
    • VP Engineering & Founder

    During the test the engineer assigned to our case would notify us of any high-priority findings with detailed explanations of the risks right away. They were also quickly responsive to our emails during the test.

    Read More  
  • Adam B.
    • Adam B.
    • V.P. Engineering

OBPT Service Highlights

  • Service highlight icons for Infrastructure

    Infrastructure

    Get a thorough infrastructure penetration test

  • Service highlight icons for Social Engineering

    Social Engineering

    Choose one, or all of the following: phishing, vishing, tailgating, and device drops.

  • Service highlight icons for Device Planting

    Device Planting

    Test how your facility's network would respond to a new device being connected

  • Service highlight icons for Application

    Application Testing

    Can include application penetration testing

  • Service highlight icons for E-mail Phishing

    E-mail Phishing

    Identify where an attacker may be able to exploit a credential or an endpoint

  • Service highlight icons for Tailgating

    Tailgaiting

    Test physical controls to see if anyone can get on-site to your facilities

  • Service highlight icon for Wireless

    Wireless

    Test your wireless configuration and password

  • Service highlight icons for Usb Device Drops

    Usb Device Drops

    Determine whether a user would plug in an unknown USB to their computer

  • Service highlight icons for Card Cloning

    Card Cloning

    Test your access badges for replay attacks and cloning

Objective-Based Penetration Testing Comparison Chart

  • Infrastructure Penetration Testing
  • Objective-Based Penetration Testing

  • Thorough Foundational Assessment of Networks and Systems

  • Network Security

  • System Hardening

  • OS and Third-Party Patching

  • Authentication Attacks

  • Cryptography Attacks

  • Email Phishing

  • Ransomware Assessment

  • Active Directory Bloodhound Assessment

  • Active Directory Password Audit

  • Antivirus Bypass

  • Adversary Simulation

  • Physical Security Attacks

  • Social Engineering (Phone/ In-person)

Download Resources

  • All
  • OBPT Resources
  • Guides
  • OBPT Report Cover

    • OBPT Report

    • Packetlabs was engaged to perform an objective-based Penetration Test of Acme Inc. The core objective of this assessment was to simulate a cyber-attack and evaluate the security controls across people, processes and technology in order to identify potential areas of weakness.

  • block image

Frequently Asked Questions

  • What is an Objective-based Penetration Test, and at what stage is the organization ready for this approach?

    An objective-based penetration test begins with a comprehensive, coverage-based infrastructure penetration test. It layers on additional components to round off the assessment, and make it far more realistic and thorough to ensure we actually move the needle on security. The objective-based penetration test includes Infrastructure Penetration Testing, an Active Directory Password Audit, Active Directory Bloodhound Audit, e-mail phishing, advanced simulation of your top five objectives (e.g., obtain access to ERP, obtain administrative control over the target network, etc.) and more.

    We recommend the objective-based penetration test as the initial approach for most organizations because it helps prioritize your path to low risk across people, processes and technology. It also helps evaluate the responsiveness of your blue team!

Explore more questions

Certifications

Featured Posts

See all

  • wind turbines green energy
  • Person scanning on a screen
  • yellow construction crane on a red background

Ready to get started?

There's simply no room for a compromise. We’re here to help. Our team works with yours to ensure you reach your full security potential.

Contact Us