Penetration Testing & Red Team

The concept of penetration tests is based on the exploitation of identified flaws in order to measure the real impact on the security of the audited organization's information system. These tests simulate attack scenarios prepared in advance under real conditions. The objective is to test the resistance of the information system to computer attacks from inside or outside the organization's network (i.e., the Internet).

  • External pen tests: assess the ability of an external attacker to penetrate the internal network of the audited organization.
  • Internal pen tests: assess the impact of a malicious act carried out from inside the network of the audited organization.
  • Red Team: assesses the impact of a malicious act by exploiting all possible scenarios (social engineering, physical or logical intrusion, etc.).

BEGONIA GROUP's audit approach is based on:
  • ANSSI (National Agency for Information Systems Security)
  • SANS (SysAdmin, Audit, Network, Security)
  • CIS (Center for Internet Security)
  • publishers' security standards as well as the state of the art and the auditee's specific business constraints.
Generally, these tests are carried out according to the following steps:
  • Identification of the audited scope;
  • Search for vulnerabilities;
  • Implementation of attacks (exploits);
  • Impact measurement;
  • Proposal of recommendations and corrections.
In this case, the penetration test will proceed as follows:
  • Passive reconnaissance (using Cyber Threat Intelligence);
  • Black box approach: the tester has no prior knowledge of the environment before the attack;
  • Gray box approach: the tester has partial knowledge of the environment to be audited;
  • White box approach: the tester has all the information that allows him to examine the complete architecture and not just the directly visible attack surface.
N.B.: To avoid the consequences of possible malfunctions in a production environment, such as system outages or alteration of critical data, it is preferable to carry out penetration tests on a test or pre-production environment.
For every approach, BEGONIA GROUP will schedule a feedback meeting to discuss the identified vulnerabilities. At the end of the audit, a closing meeting will present a summary report, the exploitation scenarios for certain vulnerabilities and the list of recommendations.
Later, BEGONIA GROUP offers you a “validation audit” to verify that the corrective measures proposed during the audit have been correctly implemented.
