CREST certified Ethical Hackers from BDO Digital carry out penetration tests on your Microsoft and multi-cloud environment, and the design of your Microsoft Azure and Microsoft 365 environments, carefully checking for vulnerabilities, configuration errors and other cybersecurity risks. Not only is the use and design of the correct protection measures such as Microsoft Azure AD, Microsoft Defender, Microsoft Sentinel and Microsoft Intune tested, but the configuration of the correct compliance tooling, such as Microsoft Purview, can also be examined.
Ethical Hacking Test Formats
White Box: White Box tests are carried out based on information known in advance, such as login details, which allows more specific testing of certain elements.
Gray Box: With Gray Box testing, limited information is known about the infrastructure, and the test investigates to what extent more information can be found about the subject under investigation.
Black Box: In a Black Box investigation, no information is known in advance. In this scenario, security is tested without prior knowledge of the environment.
Custom: For specific requirements, such as very sensitive environments or multi-disciplinary assignments such as Red or Purple Teaming, we will draw up a tailor-made proposal in consultation.
Execution
Clear coordination of the scope and objective of the security and/or penetration test, taking into account specific industry, business and environmental characteristics
Threat analysis through a joint assessment of potential cybersecurity threats
Test design, based on the previous points: the test can be focused, for example with or without credentials, on one or more specific environments, searching for sensitive information such as financial data or IP, accessible systems, network infrastructure, certain applications, etc.
Implementation based on best practices, right tools and specific expertise, according to (international) standards such as OWASP, NIST 800-115
Testing for the correct implementation of frameworks (such as ISO 27001, NIST, BIO or NEN) or specific framework requirements such as DigiD or PCI DSS
Vulnerability scan to identify vulnerabilities in applications and infrastructure
Penetration test that includes an attempt to gain access to the applications, systems and data in scope.
Delivery
A thorough test tailored to customer needs, scope and threats
Support for audit purposes
Clear report in understandable language and heat map
Clear context with Common Vulnerabilities and Exposures (CVE)
Immediate response to serious detected vulnerabilities
Clear and coordinated risk rating and explanation of impact
Points for improvement and clear advice, including on the design of Microsoft Azure and Microsoft 365
Advice on Microsoft Defender, Microsoft Sentinel, Microsoft Intune and Microsoft Purview applications
Management summary.