SNATEK glassdoor medium email search shape caret

We simulate real world attacks executed by an advanced adversary to keep your business safe and prepared.

In simulating real world attacks executed by an advanced adversary, we exploit weaknesses within your infrastructure, applications, and users to show you exactly what can happen, and how to address the issues discovered. Let us show you what your last penetration test missed.

An Overview of SNATEK’S Process:

Planning for Penetration Testing

The first phase of penetration testing involves determining the scope and goals of the test. The SNATEK team works with you to figure out the logistics, expectations, objectives, goals, and systems to be addressed. The planning phase will establish whether you are using a black box, white box, or gray box penetration testing method.

Reconnaissance and Information Gathering

In this phase, the “hacker” or penetration tester seeks to discover as much information as possible about their target.
They will gather information about end uses, systems, applications, and more.
The information will be used for precision in the penetration test, using a complete and detailed rundown of systems to understand what, exactly, needs to be addressed and evaluated. Some of the methods used during this phase may include search engine queries, domain name searches, internet footprinting, social engineering, and even looking up tax records to find personal information.

Scanning an Discovery

The scanning and discovery phase is built to discover how the target system is going to respond to various attempts at intrusion. The penetration tester will most likely use automated penetration test tools to scan for initial vulnerabilities.
Static analysis and dynamic analysis are two types of approaches used by the penetration tester. Static analysis inspects an application’s code in an attempt to predict how it will react to an incursion. Dynamic analysis looks at an application’s code as it runs, providing a real-time view of how it performs. Other aspects that a pen tester will discover include network systems, servers, and devices, as well as network hosts.

Attack and Gaining Access

Once the pen tester has gained a complete understanding of the scope and components to be tested, they will attack in a simulated and controlled environment. Mimicking an actual cyberattack, the tester may: take control of a device to extract data, perform a web application attack, such as cross-site scripting or SQL injection, or perform a physical attack, as mentioned previously.

The goal of this phase is to see how far the tester can get into an IT environment without detection. The scope of the project should determine where the limits of the test should end to protect PI and other sensitive data.

Maintaining Access and Penetration

Once a pen tester has successfully compromised their target, they should try to expand their access and maintain their presence for as long as possible. Again, the goal is to imitate a real-world bad actor as much as possible.

The penetration tester in this phase will try to expand their permissions, find user data, and remain stealthy while running their programs deeper into the IT infrastructure. For example, the penetration tester may try to escalate their privileges to the role of administrator.

The goal here is to remain undetected in the system for as long as possible and to try to get at the most sensitive data (according to the project scope and goals).

Risk Analysis and Reporting

The last phase of penetration testing is the assessment and reporting phase. Once the penetration tester has been “discovered,” or the timeline for the project has been completed, a final report will be generated.

The report will provide a summary of the testing, details of each step the pen tester took to infiltrate systems and processes, details of all vulnerabilities, how they cleaned up after the stress test, and suggestions for security fixes.
A good penetration tester will also be able to determine the value of the compromised systems—i.e., how much financial impact would their incursion cost?

Reach out to SNATEK today and see where we can strengthen your business’s security.

Get In Touch

Let’s discuss your plans.

Looking for a new career? View job openings.









    Let’s talk about your next big project.

    Looking for a new career?

    View job openings.

    SNATEK – Salvant Technologies

    11011 Sheridan Street Suite 303 & 304
    Cooper City, FL 33026

    Technical Support – 954-507-4169

    General Inquiries – 954-443-0255

    Sales – 954-443-0255