CYBERSECURITY

Offensive security practices allow identification of control failures through experimentation to build confidence in a system’s ability to defend against malicious conditions. An organization can gain a strategic advantage against malicious adversaries by proactively testing its security posture.

 

The main types of assessment services provided by HN Security are described below. If needed, they can be combined to provide the most suitable security assessment for each specific scenario.

Red Teaming (Advanced Adversary Emulation)

Red teaming is a complete attack simulation conducted on multiple levels. Besides common attacks against applications and infrastructure, red teaming exercises may include unconventional attack techniques, such as OSINT, social engineering, and physical intrusions.

The objective is to evaluate and improve the resilience of people, processes, and technology in an organization against real-world adversaries.

 

Application Assessment (Web, Mobile, API, Client-Server, Chatbot, Voice Assistants)

Over the years we have analyzed hundreds of different platforms, ranging from classic web applications to modern mobile apps, from APIs to client-server applications, from chatbots to voice assistants.

We are pioneers in this discipline and we develop tools that have been globally adopted by cybersecurity professionals. Our methodology allows us to discover and exploit vulnerabilities that are often overlooked by competitors.

 

System Assessment (Active Directory, Servers, Cloud, Containers)

We specialize in security assessments conducted against Active Directory, both on-premises and on Azure, at any level of complexity.

We cover new Cloud technologies developed by the main service providers (AWS, Azure, GCP).

Our intimate knowledge of modern and legacy operating systems allows us to assist our customers in securing any kind of system.

 

Network Assessment (IP, VPN, Wi-Fi, VoIP, NFC/RFID, Bluetooth, LoRaWAN)

Our intimate knowledge of network architectures, communication protocols, and legacy and modern equipment allows us to conduct quality security assessments against all kinds of network infrastructures.

From identification of known and unknown vulnerabilities to manual exploitation, we can realistically simulate attacks against wired and wireless, public and private, voice and data networks.

 

IoT Assessment (IoT, Smart Devices, Access Controls, Video Surveillance)

We boast vast experience in the analysis of IoT devices in different environments, from smart home to automotive systems, from gaming to building automation.

We can evaluate the robustness of different hardware and software products for both vendors and end users.

We have measured the security posture of physical access control and video surveillance systems for corporate customers and national critical infrastructures over the years.

 

SCADA/ICS Assessment (SCADA/ICS, Critical Infrastructures)

Thanks to our professional experience in the field and our participation in international research programs, we have come to intimately know the peculiarities of national and European critical infrastructures, especially in the oil & gas, electricity, and air traffic management sectors.

In addition, we have evaluated the security posture of factory automation technologies deployed in various industries.

 

Banking/Fintech Assessment (Internet Banking, Mobile Banking, Mainframe, ATM)

We have performed security assessments against hundreds of applications and infrastructures in the financial sector over the years.

From Internet and mobile banking platforms to payment systems, from mainframes to ATM devices, our team specializes in banking and Fintech security assessments and has gained deep knowledge of this sector’s technological, operational, and regulatory requirements.

 

Platform Assessment (Design, Architecture, and Configuration Review)

We can assess the security posture of any hardware or software platform, from the design phase to deployment, by employing our proprietary threat and maturity modeling methodologies.

Some examples of services that we can provide: attack surface analysis, configuration review, secure design review, IAG assessment, password analysis, and network segregation testing.