
Ethical Hacking

Assessment & Compliance Services Division


847.221.0200 halock.com

Solution Overview

In the race to develop online services, networked hosts and underlying applications have often been deployed with minimal attention to security risks. The result is that most corporate sites are surprisingly vulnerable to hacking or industrial espionage.

To test this, Ethical Hacking (sometimes referred to as Penetration Testing) is performed in conjunction with vulnerability scanning.

Halock's "Red Team" of ethical hackers can perform an in-depth analysis of identified potential high-risk vulnerabilities with the primary objective of gaining access to sensitive data assets within the organization's environment, as a practical demonstration of what a malicious individual could accomplish.

Many vulnerabilities, when viewed independently, do not pose a great risk to the organization. When these weaknesses are combined and placed in the hands of a skilled attacker, the result is often a breach. Understanding and resolving configuration and security issues helps prevent the organization from experiencing and having to disclose a real attack in the future.

Solution At-a-Glance:

• Performed internally (internet accessible), externally (private), or both
• Locate and identify responding hosts
• Exploitation of identified vulnerabilities with the intent of gaining access to sensitive information assets
• Detailed reporting of findings and risks, including narrative scenarios that walk you through each step of the attack
• Identify and document approaches and recommendations to resolve security vulnerabilities

Professional Services Included:

• Manual testing directed at fully exploiting identified key vulnerabilities
• Attempts to gain authenticated access to protected systems using "brute force" techniques of guessing login names and passwords
• Advanced techniques of system compromise, such as utilizing buffer-overflow vulnerabilities to implant "root-kits" on target systems, which can then be used for further privilege escalation
• Advanced testing techniques including SQL Injection, ASP and CGI script vulnerabilities, Cross-site scripting, Hidden-field manipulation, Authentication vulnerabilities, Session hijacking, Database errors, Directory traversal, Form field data validation
• Exploiting sensitive information contained within application source code and underlying systems
• Documentation of findings, including detailed walkthroughs of exploit scenarios

Pricing:

• Pricing varies based on the size, complexity, and depth of testing
• Typical Ethical Hacking engagements range between $5,000 and $20,000
• Additional fees apply to in-depth application testing

1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com

Ethical Hacking: Scope Worksheet

Any system with detected vulnerabilities can be targeted for ethical hacking. If there are specific systems
Halock should focus on, please indicate below:

SYSTEM | IP ADDRESS | NOTES

Are there any special considerations that need to be taken into account (e.g., off-site hosting)? Please list.

1) _____________________________________________________________________________

2) _____________________________________________________________________________

3) _____________________________________________________________________________

4) _____________________________________________________________________________
