Advanced Penetration Testing
for High Security Environments

Prevent breaches and stay compliant by testing your security’s effectiveness.


Counter Dark Web Activities
with Advanced Penetration Testing

We examine your entire organization’s network from the inside and outside of traditional approaches.

39 seconds another hack will likely occur

Instantly zero in on and deal with what truly matters: protection from unknown files causing damage. All unknown files will be executed only within our patented containment solution, which offers zero friction for end users.

38 percent of targeted attacks occur in the U.S.

The US topped the list for hosting the most malware. Broken out by US state, the top 5 for malware infestations were Arizona, California, New York, Virginia, and Texas.

92 percent of all malware is delivered by email

Email continues to be the most popular means of malware delivery. It is the cheapest, simplest and most effective tool for spreading malware to as many victims as possible in the shortest timeframe.

86 percent of phishing attacks target U.S. victims

Secure Email Gateways enable the security rules needed to stop phishing carried out by email spoofing, and attempts to direct recipients to enter personal information at a fake website that imitates its legitimate equivalent.

196 days on average to identify a data breach

Knowing is half the battle. Leverage our verdicting platform to access 100% trusted file verdicts within 45 seconds on 92% of malware via analysis, and 4 hours on the remaining 8% via human experts.


Validate Your Cybersecurity Score with our Instant Security Scorecard

Our process for providing intelligent cybersecurity solutions is unique to every organization. We examine your entire organization’s network from the inside and outside of traditional approaches.

Advanced Penetration Testing

Services & Solutions

For organizations that maintain an Internet presence beyond web sites and applications, Comodo Dragon Labs will perform comprehensive network penetration testing. We will identify live hosts residing on networks either associated with or provided by the target organization, and the services provided by them. Vulnerable services will then be exploited to gain remote access, and victim machines will be leveraged for lateral movement through the network or further penetration of the infrastructure.

For web applications, we can provide both black and gray box assessments. In the former case, where authenticated users of an application are trusted but access to the application by the Internet public is not permitted, our attack will consist mainly of trying to gain unauthorized access. In the latter, where authenticated users of the application (those who have user accounts to which they can log in) are not trusted, or when any member of the public can create and use an account on the application, we will perform a credentialed attack against its functionality. In all cases, testing will include but not be limited to authentication, session management, input validation, and business logic, to name only a few. All testing is performed manually. We do not rely on automated scanning solutions. These are for vulnerability assessments, which we do not provide currently.

For entities whose wireless networks are accessible to potentially malicious actors, Comodo Dragon Labs can perform wireless penetration testing. This includes any organization that provides public, guest, or temporary Wi-Fi access and whose wireless network is used for the transmission of sensitive data or is connected to an internal network.

Are the data assets available on your internal network valuable enough for a determined adversary to send a malicious actor into your organization? For those organizations that do indeed face such a threat, Comodo Dragon Labs can perform an internal assessment. After learning the requisite skills and applying successfully for a position within the organization (or gaining physical access through a similar arrangement with upper management, such as a consulting role), our team member will surreptitiously assess any internal networks to which his workstation can connect. Direct, face-to-face social engineering of employees or security personnel, as well as unauthorized physical access to restricted areas such as server rooms, may also be performed.

The estimate of data-breach frequency has been a reality for some time now. As such, better coding and software security standards have evolved. This makes web, application, and network-based attack vectors less common and more difficult to exploit successfully. In response, attackers have turned to other methods of compromise such as social engineering. Per Wikipedia, “Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.” Attacks come in many forms, all of which Comodo Dragon Labs can execute.

In a phishing campaign, an email containing manipulative content and/or a malicious payload is sent to many recipients at a target organization. Following the instructions or performing an action (such as clicking a link or running a macro) will give an attacker control of the victim’s workstation. Comodo Dragon Labs hackers’ skill sets are not limited solely to technology. We seek and employ only individuals with diverse interests and backgrounds, especially those with experience in the Arts. This provides the strong creativity required to devise an email related to a target organization’s industry or sector that will not simply promise some random reward for clicking a link but rather vastly increase the likelihood of targeted users falling prey.

In some cases, a target entity’s data assets are sufficiently attractive to attackers that they will spend the time and effort to target specific individuals within an organization with phishing emails designed specifically for them. After gathering intelligence on an individual, an email tailored to their interests, traits, or habits will be crafted and sent. This attack vector, although time-consuming, is extremely effective.

Mature environments’ IT infrastructures have been thoroughly tested and their security teams are highly accomplished at maintaining their security stacks. Software is kept up to date and secure with effective patch management strategies at every level. Servers are scanned regularly for vulnerabilities, workstations run the latest endpoint protection, and most phishing attacks are thwarted by effective albeit resource-intensive anti-spam solutions. Comodo Dragon Labs team members are not solely technology experts. Our backgrounds include military, intelligence, and prior relationships with law enforcement. Our tradecraft includes fully undetectable accents in three widely spoken Western languages as well as very strong telephone and public speaking skills. For those organizations that face this category of threat, we’ll phone you.

For entities whose threat models include highly determined adversaries with considerable resources in addition to wide skill sets, and where the physical security of their data assets is a concern, Comodo Dragon Labs can provide physical penetration testing. Whether through personal effectiveness, interaction and intercession skills used for face-to-face social engineering, or over 40 years’ experience in black bag operations and extensive training in physical penetration and electronic access control hacking, if your organization faces a physical threat, we can simulate it.

For entities such as utilities, transportation centers, medical facilities, or any other whose industrial systems include supervisory control and data acquisition systems, the Dragon Labs team has training and experience in assessing their security. From business analysis and target selection to direct manipulation of controller environments, we can assess the overall security of your industrial infrastructure with minimal or no business impact. Unlike the other categories described above, we limit our level of exploitation to proof-of-concept.
