Enumeration And Exploitation – Making the Most of Your Systems
Overview
Armed with a set of results obtained from system analysis, enumeration is the process of determining the names and versions of applications and devices located, communicating how they may be vulnerable, and leading us to discover how somebody could further exploit these vulnerabilities. In simpler terms – Investigate, Inform, and Initiate.
Vulnerability Assessment
Once we have located your applications and devices, we set about determining whether they are vulnerable to any known attacks. We then extensively use the National Vulnerability Database to uncover what remedial action needs to happen to mitigate the problem. This could mean the installation of patches or upgrades, making minor configuration changes, or disabling the function entirely depending upon the severity of the issue at hand. Also, at this stage, we test devices for whether the default administrator passwords have been changed from the supplier defaults.
Exploitation
If you require, we can use the information obtained in the vulnerability assessment stage to demonstrate how your system can be compromised. This might mean showing you how a "meet-in-the-middle" attack works, how somebody could crack your access passwords, and how hackers go about elevating their privileges to higher and higher levels. This is most often carried out as part of a "Red Team" exercise, where you want to test your own IT team's ability to detect and protect your company from attacks.