Introduction

Hi there. We are Consoltec. We know InfoSec. Consoltec is an Information Security company specializing in penetration testing. We are located in Charlotte, North Carolina. We specialize in network penetration testing, infrastructure penetration testing, web penetration testing, social engineering, exploitation development, and custom exploits. Consoltec is owned and operated by Jon Molesa. Jon has over 15 years experience in Information Technology and Information Security. Jon holds the OSCP, CISSP, and a BS from North Carolina State University in Business Management and Management Information Systems.

Consoltec is ready and willing to perform ethical hacking intrustion attempts against networks authorized by it’s clients. In order to have a true idea of what an attacker sees when they look at your assests please contact Consoltec today to schedule your assessment. Penetration assessments differ from vulnerability scans by attempting to exploit the identified vulnerabilities. Depending on the scope of the pentest, custom exploitation may be required to gain unauthorized access to in-scope targets.

An ethical hacker, such as Consoltec, will attempt to gain unauthorized access to your company’s assets. In doing so, your company will have a better idea of what an advasary may do in order to gain access and what they may do with that access once granted. Attackers may chose to target your company for a marid of reasons or motives. A smapling of possible motives include: fame, revenge, corporate espinoge, hate, regelious beliefs, to prove a point, to “punnish” the company and/or it’s employees, extortion, blackmail, and to embarrass the company.

Maintaining a patching program can go a long way to protect your company against the known knowns, but it isn’t enough. In order to test for the unknowns you need to hire Consoltec to perform advanced penetration testing activities against your organization.

Typical Assessment Outline

  • Contact
  • Statement of Work (SOW)
  • Reconisance
  • Exploitation
  • Reporting

Make Contact

A typical assessment begins by you first contacting Consoltec in order to schedule the initial discussion. Following the initial discussion, Consoltec will prepare a Statement of Work including a definition of scope. The scoping portion of the SOW defines what the goals and authorized targets are. The SOW also defines the schedule that the work will be performed as well as the final deliverables.

Recon

Once the signed SOW is received by Consoltec, we will begin by gathering as much information as possible about the target organization and its assets. This is known as the reconisance, information gathering, or Open-Source Intelligence Gathering (OSINT) gather phase. This may include research into your company owners, employees, shareholders, their affiliations, relationships, public information, leaked information, and any other source of information that may be useful to our goals.

Exploitation

The next phase of the assessment is the exploitation phase. Exploitation attempts to use the information found in the reconisance phase against the target organization and its assets. This can include social engineering and attacks directly against your organization’s assets. Basically any and all information gleaned in the information gathering phase will now be used against that organization.

Reporting

Reporting is the final phase of the assessment. During this phase Consoltec will provide the organization with a report detailing all of the information gathered, exploitation attempts, as well as successful exploitation, risk identification, and recommeded remediation.

Conclusion