Halock ACS - Ethical Hacking


  • 8/14/2019 Halock ACS - Ethical Hacking


    Pricing:

    Pricing varies based on the size, complexity, and depth of testing

    Typical Ethical Hacking engagements range between $5,000 and $20,000

    Additional fees apply to in-depth application testing

    In the race to develop online services, networked hosts and underlying applications have often been deployed with minimal attention to security risks. The result is that most corporate sites are surprisingly vulnerable to hacking or industrial espionage.

    To test this, Ethical Hacking (sometimes referred to as Penetration Testing) is performed in conjunction with vulnerability scanning.

    Halock's "Red Team" of ethical hackers can perform an in-depth analysis of identified potential high-risk vulnerabilities, with the primary objective of gaining access to sensitive data assets within the organization's environment as a practical demonstration of what a malicious individual could accomplish.

    Many vulnerabilities, when viewed independently, do not pose a great risk to the organization. When these weaknesses are combined and placed in the hands of a skilled attacker, the result is often a breach. Understanding and resolving configuration and security issues helps prevent the organization from experiencing and having to disclose a real attack in the future.

    Solution Overview

    Professional Services Included:

    Manual testing directed at fully exploiting identified key vulnerabilities

    Attempts to gain authenticated access to protected systems using "brute force" techniques of guessing login names and passwords

    Advanced techniques of system compromise, such as utilizing buffer-overflow vulnerabilities to implant "root-kits" on target systems, which can then be used for further privilege escalation

    Advanced testing techniques including SQL Injection, ASP and CGI script vulnerabilities, Cross-site scripting, Hidden-field manipulation, Authentication vulnerabilities, Session hijacking, Database errors, Directory traversal, Form field data validation

    Exploiting sensitive information contained within application source code and underlying systems

    Documentation of findings, including detailed walkthroughs of exploit scenarios

    Ethical Hacking Solution At-a-Glance:

    Performed internally (internet accessible), externally (private), or both

    Locate and identify responding hosts

    Exploitation of identified vulnerabilities with the intent of gaining access to sensitive information assets

    Detailed reporting of findings and risks including narrative scenarios that walk you through each step of the attack

    Identify and document approaches and recommendations to resolve security vulnerabilities

    847.221.0200 halock.com

    1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com

    Assessment & Compliance Services Division


    Ethical Hacking: Scope Worksheet


    Any system with detected vulnerabilities can be targeted for ethical hacking. If there are specific systems Halock should focus on, please indicate below:

    Are there any special considerations that need to be taken into account (i.e. Off site hosting)? Please list.

    1) _____________________________________________________________________________

    2) _____________________________________________________________________________

    3) _____________________________________________________________________________

    4) _____________________________________________________________________________

    SYSTEM IP ADDRESS NOTES