Silent Break Security’s most popular service is a Black Box Penetration Test. As the name
implies, this service focuses on conducting realistic, targeted attacks with ZERO prior
knowledge of an organization’s internal, external, web or any other infrastructure. Typically,
security assessments involve off-the-shelf or open-source products automating scans and attacks
in effort to assist clients in becoming compliant. The scope and sophistication of the
assessment are limited to the functionality provided by the assessor’s purchased toolset.
Silent Break Security applies a much different approach, taking the sophistication and value of an assessment into real-world application and attack simulation. Applying first-hand knowledge from prior DoD and NSA experience of how “real” attacks are conducted, Silent Break Security uses custom code, attack methodologies, and stealth persistence to complete all stages of the assessment. Silent Break Security is the best equipped to provide organizations with what a penetration test should be: A realistic perspective of the effectiveness of the defensive mechanisms currently in place at preventing and detecting an attacker. With this competitive advantage, few other security companies are able to match the sophistication, methodology, and ultimately, value, provided by Silent Break Security.
The sophistication of each phase of the assessment performed by Silent Break Security is extremely representative of the threat environment currently facing organizations. The Black Box Penetration Test wraps three penetration tests (social engineering, client-side, and internal network) into one, realistic assessment. The goal of the entire assessment is to provide organizations with a realistic perspective of the effectiveness of their defenses against common attack methods.
The assessment can be broken into 3 distinct phases:
01 Initial access – Initial access may be performed in a variety of ways: Social Engineering, External Infrastructure, or physical assessment.
02 Internal network – Silent Break Security assesses the effectiveness of the controls on the internal network by attempting to pivot to other systems and/or access servers.
03 Client-side – With internal access to the network, Silent Break Security attempts to leverage the user’s access to escalate privileges and access and exfiltrate sensitive data to obtain increased privileges.