Password Strength Audit
Rather than attempt to break in and possibly lock accounts out, causing issues, this test takes a copy of the passwords used throughout the network and attempts to crack them offline. Although this is faster and more likely to succeed than attempting to break in externally, it highlights important issues with user accounts and can have surprising results.
Test time is 6 hours on average (depending on number of users) and within this time we test every possible combination up to 7 characters (takes roughly 2 hours) and a dictionary of 75 million previously found passwords, which is constantly growing. This dictionary, once “rules” which alter the words (password converted to P4$$w0Rd123!, etc) is over 5 quadrillion passwords long!
Throughout previous tests we have found on average 70-80% of users have their passwords cracked, and roughly a third of these are contained within password dictionaries we know are in active use by online attackers
We can also include passwords used for online services, such as company Facebook, Twitter, etc.
After the test advice on creating strong passwords is discussed with the company and any individuals concerned with the results and work with the company to improve their network password policies.
set price per test – this includes an optional re-test after users have been instructed to change their passwords
Basic Company Foot Printing
This foot printing exercise is paid for per-hour, with a set number of hours decided before the test. Once this is done we will set out to discover as much public information available about the company as possible, using multiple tools and methods that hackers use when specifically targeting a company.
The information included in the report is all available publicly so not all of it may be surprising, however, we often uncover information that would be very useful to hackers that the company does not know is available on the web.
This test is not particularly technical in nature, however, it does include use of many tools that are freely available that can gather vast amounts of information in a very short amount of time, allowing more time to dig around and gather harder-to-find information on companies.
Priced on an hourly basis, number of hours is determined by the client upon purchase.