New to Pentests?
Pentest FAQs
At Nexon, our Australian-based ethical hackers come with verified qualifications and a full background and police check to ensure our customers' infrastructure is always in safe hands.
The qualifications for ethical hacking are ever-changing and (as yet) there are no actual standards. So, it's important to work with a trusted technology partner with the capacity and capability to provide end-to-end services and resources to pivot and scale as required.
There are a number of certifications you should be looking for. These include the Online Certificate Status Protocol (OCSP), the Council of Registered Ethical Security Testers (CREST) and the GIAC Penetration Tester (GPEN) qualifications as standard.
In addition, the Practical Network Penetration Tester (PNPT) and Certified Penetration Testing Professional (CPTP) are relatively new qualifications with validity.
The Certified Ethical Hacker (CEH) qualification covers minimum standards but should not be considered as a trusted qualification in isolation.
Review this list of the qualifications that our team at Nexon Asia Pacific offer.
We recommend starting with an outside-in approach. By searching for information about your organisation externally, we can identify potential areas of exposure and generate a Network Attack Blueprint specific to your organisation before commencing our Penetration Test.
Techniques we use include:
- Social Engineering techniques
- Command and control infrastructure
- Custom built malware and tools
- Domain Fronting and C2 redirectors
- Use of stealth and persistence techniques
- Advanced obfuscation and evasion techniques
- Mixture of commercial-grade and open-source techniques, tools and software
- Advanced adversary simulation techniques
At Nexon, the penetration test is one way we test security posture and maturity. Our specialist security division offer a range of technologies, tools and skillsets to provide performance, productivity and protection for any organisation in any industry or vertical sector.
What differentiates our offering is our ability to connect the dots across your network infrastructure. We provide an end-to-end service which identifies, mitigates, manages, and remediates issues before they expose your organisation to unnecessary risk.
We provide end-to-end specialist security services, from strategic security roadmaps and incident response strategies through to scalable SOC services. Our modular approach to service provision ensures your organisation benefits from the cost and time efficiencies that result from using existing tools and technologies before investing in new ones.
Our services include:
- Penetration testing - Whitebox, Blackbox and Greybox assessments of cloud, external and internal networks, wireless, SCADA/OT and more
- Web application, API and mobile application penetration testing
- Web applications, websites and web API, iOS and Android application testing
- Red and Blue team operations to assess detection and response capabilities
- Social engineering - phishing, spear phishing, vishing, physical access testing
- Adversary simulations - assume breach exercises, malicious adversary simulations, disgruntled employee or malicious insider emulations
- Staff training - automated phishing and awareness and on-premises cyber security training