Not ready for a full-blown Penetration Test? Vulnerability Assessments can provide an overview of your organization's security posture by identifying known security weaknesses, so your organization can establish an acceptable security baseline.
A Penetration Test is a controlled simulation of real-world attacks against your organization. We take on the role of the attacker and try to compromise your systems to tell you how we did it.
Want to bolster your personnel's security knowledge? We provide training workshops with live demos of real attacks so your employees can stay abreast of current threats. Highly recommended for web developers.
Our Vulnerability Assessments aim to identify and prioritize as many known security weaknesses affecting your Internet-facing systems as possible.
Vulnerability Assessments differ from Penetration Testing because they focus on breadth over depth and do not try to simulate an advanced adversary.
If your organization is not mature enough from a security standpoint, performing periodic Vulnerability Assessments can add the most value in helping you establish a minimum acceptable security baseline.
Vulnerability Assessments can also help organizations stay abreast of new, publicly disclosed weaknesses as soon as they are discovered because they are performed much more frequently than one-off engagements.
We carry out Vulnerability Assessments following a list-based approach with a focus on identifying as many known security weaknesses as possible. We use automated scanning tools, combined with manual testing to reduce or eliminate false positives.
Our Vulnerability Assessments can cover any Internet-facing systems, but without utilizing any credentials. We offer Vulnerability Assessments as an on-going service that can be purchased monthly, quarterly, or bi-annually per 12-month period.
A Penetration Test is a controlled simulation of real-world attacks that targets your organization to determine the possible likelihood of a security compromise, identify the associated risks you would be exposed to and demonstrate the full business impact this would have on your organization.
Why perform a pentest? Because you have assets that are worth protecting, assets such as your data, your clients, your customers and your business. Because you want to find out if the protections you've put in place can withstand a targeted attack from an advanced adversary. Because you want to improve your overall security posture.
The scope defines what is to be tested. In short, the scope is everything. The following can be included as part of the scope:
We carry out Penetration Testing engagements with a focus on demonstrating MAXIMUM business impact. We don't just exploit security weaknesses to show they're there. We plan and execute precise attacks by exploiting multiple weaknesses in conjunction with one another.
Our simulated attacks follow a goal-oriented approach, tailored to each industry and each client, by modelling potential threats and targeting the Information Assets of your organization that are likely to come under fire.
We don't limit ourselves to predefined checklists, and don't rely solely on automated scanning tools. We pride ourselves in our skills and abilities to perform extensive MANUAL TESTING to uncover weaknesses that would go undetected by such tools.
We leverage our offensive capabilities to identify the root cause of security weaknesses in order to provide clear, concise and thoroughly-researched mitigation strategies, that will help your organization PROTECT its business.
What we don't do is point the finger and assign blame. We're not trying to make you look bad; we want to work WITH you to help you plug the holes in your defences before someone else finds them.
The final stage of a Penetration Test is the delivery of a Report with detailed mitigation strategies, both at a procedural level and for individual weaknesses, that will help you enhance your overall security posture.
The old cliche that "People are the weakest link" in the security chain is only half true. Our Security Workshops aim to empower your employees by educating them about real-world security threats. We show you how actual attackers think and break down attacks, step-by-step, so your people can understand how they can protect your organization.
Do you want to build a security-focused culture within your organization? Do you want to help your personnel defend against Social Engineering? Do you want to help your developers write more secure code? Do you want to make sure your sysadmins think about security? Then do something by providing them the opportunity to learn how attackers think and operate.
We don't just read slides off of a projector; we carry out LIVE DEMOS using intentionally vulnerable environments - we either use existing ones, or we develop our own to mimic the technologies you use. We also love posing challenges to the audience and answering questions.
Like we said, the scope is everything. We offer the following workshops, each targeted towards a specific audience:
RUNESEC is a Cyprus company that offers OFFENSIVE Information Security Assessment Services, formed by a small team of highly-skilled individuals who share a strong passion for Computer Security. We strive to provide an uncompromising quality of work through our pursuit of knowledge and desire to hone our skills.
Our combined experience in providing Information Security assessment services includes clients such as Government agencies (local and foreign), the biggest Banks and largest Telecommunications providers in Cyprus, Payment Gateway providers, Forex companies, Insurance agencies, Oil & Gas multinationals and global Construction companies.
We believe in giving back knowledge and code to the local and global Infosec communities through our own independent research and development efforts.
Our goals reflect our philosophy:
| INTEREST | Post-Exploitation |
| FAVOURITE TOOL | Metasploit |
| FAVOURITE OS | Arch Linux |
|
Give me six hours to chop down a tree and I will spend the first four sharpening the axe.
Simon likes to stay prepared for stuff by climbing trees and the occasional rope. |
|
| INTEREST | Mobile App Security |
| FAVOURITE TOOL | mitmproxy |
| FAVOURITE OS | Linux Mint |
|
In the age of information, ignorance is a choice.
Nicolas likes to dabble in a little bit of everything, especially sciences and books. |
|
| INTEREST | Web App Security |
| FAVOURITE TOOL | Burp Suite |
| FAVOURITE OS | Linux Mint |
|
A fool with a tool is still a fool.
Marios likes to spend his time reading hacking books and mastering his backgammon skills. |
|
Fingerprint: 05CA 12FF 9336 3AA0 B7D9 7AEA A4E2 384D 3841 71EF
PGP Key (Click to download)RUNESEC is always looking to meet individuals who share our passion for Information Security. If you've got something cool to share like a tool, a paper, an exploit, your CV (although we currently have no vacancies) or even an interesting question, feel free to drop us a line (no phishing)!
COPYRIGHT © 2019 RUNESEC LTD