Objective-Based Penetration Testing (OBPT)
Overview
The Objective-Based Penetration Test (OBPT) is a bundle that includes our thorough Infrastructure Penetration Testing service offering. OBPT adds context and specific testing for more goal-oriented security. Define your goals, such as gaining access to your most critical data or domain admin, and our ethical hackers will provide a narrative of how an attack was carried out and the methods used. This will enable your in-house team to identify and address any security vulnerabilities. OBPT is a comprehensive penetration test that includes adversary simulation for added security assistance.
What you'll get:
Social engineering scoped to your preferences (phishing, vishing, tailgating, device drops)
Active directory assessment to identify weaknesses in passwords and configurations
Ransomware assessment that will identify potential impacts of a ransomware attack with the current configuration and security controls
A thorough penetration test across your infrastructure
Why conduct Objective-Based Penetration Testing?
Answer the "what if"
Identify how far a compromised credential can take an attacker. We test captured credentials against externally exposed assets as part of our phishing (e.g., emails, VPNs, and management portals)
Test end-point anti-malware capability against ransomware propagation techniques to identify if your controls are capable and configured correctly
Attack narrative
Set specific goals you would like the ethical hacker to target within your environment (including people)
Narratives are constructed to demonstrate the business impact of the objective being completed and helps senior leadership understand risks without the technical jargon.
Coverage-based approach
Leverage the Infrastructure Penetration Test results to target the achieved objectives that are then chained back to the respective findings to connect the dots
Identify threats to a single compromised password or internal end-point
Reduce the risk of a breach with an objective-based approach
Secure information
Approach an objective from all angles to ensure that information remains secure.
Accurate simulation
We simulate the attacks launched by a malicious party, both internally and externally.
Detailed report after testing period
Attack narratives outline how a particular objective was obtained.
Strategic security recommendations
High-level assessment with recommendations to improve security posture.
What People Say About Us
During the test the engineer assigned to our case would notify us of any high-priority findings with detailed explanations of the risks right away. They were also quickly responsive to our emails during the test.
PacketLabs gives the partner peace of mind and reassurance that their cybersecurity needs taken care of. Their team is full of experts who go above and beyond the scope of the engagement.
The result report was easy to follow and insightful, with recommendations on risk exposure and remediation. We would definitely recommend working with PacketLabs.
Our experience with Packetlabs was very positive. They offer excellent service, communicated clearly with us throughout the process, and were very accomodating regarding our timelines. We highly recommend Packetlabs.
Since engaging Packetlabs, we've been confident in our ability to bid for Pentest engagements no matter the scenario, environment or requirement - they've made the whole process of scoping, quoting, and delivering (on time and on budget) seamless.
They shared the results with us in a management report. We discussed all the findings and how we could fix them in meetings, and they also provided us with optional solutions. They did everything remotely.
The team worked quickly to identify any issues, write up reports, and offer recommendations. Their friendliness set them apart and made them more of a partner than merely a service provider.
Thanks to Packetlabs Ltd.'s excellent cybersecurity efforts, the company was able to resolve its vulnerabilities and establish its secure VPN tunnel. Their responsiveness and diligence were hallmarks of their work.
After performing extensive tests, Packetlabs Ltd. produced a thorough report that explained any potential security flaws. Accommodating schedule changes, the team supported effective collaboration.
Packetlabs Ltd. successfully identified new and preexisting issues, making it easy for the client to resolve them. The team often went above and beyond to explore issues further and provide valuable information for the client.
From the first phone call to the tech interview and progress updates, they have demonstrated a complete understanding of our needs, are very proactive and responsive, and have clear communication.
Packetlabs Ltd. delivered exactly as requested, meeting the objectives of the project. Not only was the team able to complete the analysis quickly, but they were also open and honest throughout the entire process.
OBPT Service Highlights
Infrastructure
Get a thorough infrastructure penetration test
Social Engineering
Choose one, or all of the following: phishing, vishing, tailgating, and device drops.
Device Planting
Test how your facility's network would respond to a new device being connected
Application Testing
Can include application penetration testing
E-mail Phishing
Identify where an attacker may be able to exploit a credential or an endpoint
Tailgaiting
Test physical controls to see if anyone can get on-site to your facilities
Wireless
Test your wireless configuration and password
USB Device Drops
Determine whether a user would plug in an unknown USB to their computer
Card Cloning
Test your access badges for replay attacks and cloning
Objective-Based vs Infrastructure Penetration Testing
Objective-Based Penetration Testing | Infrastructure Penetration Testing | |
|---|---|---|
Foundational Assessment | Yes | Yes |
Network Security | Yes | Yes |
System Hardening | Yes | Yes |
OS and 3rd Party Patching | Yes | Yes |
Authentication Attacks | Yes | Yes |
Cryptography Attacks | Yes | Yes |
Email Phishing | Yes | No |
Ransomware Assessment | Yes | No |
Active Directory Audit | Yes | No |
Active Directory Password Audit | Yes | No |
Antivirus Bypass | Yes | No |
Adversary Simulation | Yes | No |
Physical Security Attacks | Yes | No |
Social Engineering (Phone/In-Person) | Yes | No |
Download Resources
OBPT Sample Report
Packetlabs’ OBPT methodology evaluates the security controls across people, processes and technology in order to identify potential areas of weakness.
Download Sample Report
OBPT Methodology
Simulate real-world, covert, goal-oriented attacks to answer the 'what if' of how far a compromised credential can take an attacker.
Download Methodology
Penetration Testing Buyer's Guide
Download our buyer’s guide to learn everything you need to know to successfully plan, scope and execute your penetration testing projects.
Download GuideFrequently Asked Questions
What is an Objective-based Penetration Test, and at what stage is the organization ready for this approach?
Certifications
Featured Posts
October 24 - Blog
Packetlabs at SecTor 2024
Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.
September 27 - Blog
What is InfoStealer Malware and How Does It Work?
InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.
September 26 - Blog
Blackwood APT Uses AiTM Attacks to Target Software Updates
Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.
Industries & Roles We Help
Ready to get started?
There's simply no room for a compromise. We’re here to help. Our team works with yours to ensure you reach your full security potential.