Did you know your pricing strategy is on sale on the dark web?

Did you know your medical records are on sale on the dark web?

Did you know your login credentials are on sale on the dark web?

Wait WHAT?

  • A single credit card with complete information can be sold for $6 to $30, and login credentials are sold by the dollar on the dark web.
  • Supply chains are vulnerable. 83% of the top U.S. retailers have connections to a vulnerable third-party asset.
  • Breaches impact customer loyalty. 78% of customers would be concerned about doing business with a retailer that had experienced a breach.
  • 90% of executives complained of increased cyberattacks due to COVID-19. Retail cyberattacks occur just short of twice each day.
  • Attacks are not focused just on the online retailer. 30% of retailers have an asset that either was, or is currently being, abused in an active hacking campaign, and 23% have a compromised asset that is under the control of hackers.

Graph 1: Web Application Server vs. non-Web Application Server assets in retail payment data breaches over time.

Source: 2020 Verizon DBIR

Graph 2: Industry attack types. Percentage breakdown of industry attacks by type, from X-Force incident response data, 2020. Categories: Ransomware, Data theft, Server access, BEC, Credential harvesting, Other.

Wait WHAT?

Medical records are worth between 10 and 40 times more than your credit card number on the dark web. As much as $1,000 each!
The number of devices used in hospitals makes it hard to stay on top of security. Hospitals account for 30% of all large data breaches.
90% of executives complained of increased cyberattacks due to COVID-19.


According to the May 2021 Healthcare Data Breach Report:

  • 2 data breaches per day are reported to the Department of Health and Human Services’ Office for Civil Rights.
  • Almost 40 million records (39.87M) have been breached in the past 12 months.
  • Hacking of network servers dominates the breach reports.
  • More than 50% of the incidents were breaches reported by the healthcare provider but occurred at a business associate.

Graph 1: U.S. healthcare data breaches in the past 12 months.

Graph 2: Healthcare records compromised over the past 12 months.

Wait WHAT?

  • Login credentials to a $50,000 Bank of America account are sold for $500 on the dark web; $3,000 in counterfeit $20 bills for $600; seven prepaid $2,500 debit cards for $500 (express shipping included).
  • 82% of CIOs, CTOs and CISOs said attacks have become more sophisticated.
  • 98% of the most prominent and well-funded fintech startups are vulnerable to phishing, web and mobile application security attacks.
  • 100% of the mobile applications contain at least 1 security vulnerability of medium risk; 97% have at least 2 medium- or high-risk vulnerabilities.
  • 90% of executives complained of increased cyberattacks due to COVID-19.

Graph 1: Breakdown of attacks per industry. Attacked industries in 2020, shown as percentage of attacks per industry.

Source: IBM Security X-Force

Graph 2: Industry attack types. Percentage breakdown of industry attacks by type, from X-Force incident response data, 2020. Categories: Ransomware, Data theft, Server access, BEC, Credential harvesting, Other.

How does your data end up on the dark web?

All computer software contains defects, commonly known as bugs. Bugs are mistakes made along the software development process, and they are everywhere: in your computer, in your phone, in any device connected to the Internet! Some of those bugs are of a special kind because they introduce security holes that an attacker can deliberately trigger and take advantage of. In computer-security language, we call these bugs “vulnerabilities.” Right now a hacker could be exploiting these vulnerabilities in your systems to collect your data and openly sell it on the dark web.

Main video: Remote code execution

This video shows how a bank website is attacked to gain access to back office systems. The attack is possible through the manipulation of the traffic to and from the server. Notice this is a real pentesting vulnerability exploit scenario.

Small video 1: Account takeover

This video shows how, by subverting the intent of the password reset process, an attacker can steal any home banking username and password. Notice this is a real pentesting vulnerability exploit scenario.

Small video 2: Financial fraud

This video shows how an attacker can add credit to a gaming account without debiting the funding account. The fraud is completed by visiting a store to withdraw those funds. Notice this is a real pentesting vulnerability exploit scenario.

Software vulnerabilities

SQL injection (a.k.a. SQLi), a typical software vulnerability, is a code injection technique in which data-driven applications are attacked through the execution of malicious SQL statements. These statements can take control of your database servers. Attackers can gain access to sensitive information, such as passwords, credit card details, or personal user information. They can even maintain persistent backdoors into an organization’s systems that go unnoticed for a long time. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines.

Organizational vulnerabilities

Organizational vulnerabilities go by many names: personnel vulnerabilities, data breach or data leak. They are the release of sensitive, confidential or protected data to an untrusted environment. In other words, in a data breach, hackers or employees release or leak sensitive data. As a result, the data might be lost, or used by perpetrators for various malicious purposes. A data breach can result in the leak of financial data, medical or Personal Health Information (PHI), Personally Identifiable Information (PII), intellectual property, or other vulnerable and sensitive information.

Logic vulnerabilities

Logic vulnerabilities like insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. IDOR is one example of the many access control implementation mistakes that can lead to access controls being circumvented. The short-term consequences: fines, fees and frustration. The long-term consequences: loss of trust and diminished reputation.
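As an added example (not code from the page or from Nexa) covering both the SQL injection passage above and this IDOR passage, here is a hypothetical "view my invoice" lookup that has both defects, beside a hardened version. The table, data and function names are constructed for illustration; the in-memory SQLite database stands in for the application's database server.

```python
import sqlite3


def make_db():
    # Constructed sample data (not from the page): two customers, one invoice each.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER, owner TEXT, amount INTEGER)")
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "alice", 120), (2, "bob", 999)],
    )
    return conn


def get_invoice_vulnerable(conn, current_user, invoice_id):
    """Hypothetical 'view my invoice' handler with the two defects described above."""
    # Defect 1 (SQL injection): the user-supplied id is pasted into the SQL text,
    # so it can change the meaning of the WHERE clause instead of being a value.
    # Defect 2 (IDOR): current_user is never consulted, so any valid id is returned
    # regardless of who owns the record.
    sql = "SELECT id, owner, amount FROM invoices WHERE id = " + str(invoice_id)
    return conn.execute(sql).fetchall()


def get_invoice_hardened(conn, current_user, invoice_id):
    """Same handler with both defects fixed."""
    # Fix 1a: validate the type before the value reaches the database.
    try:
        invoice_id = int(invoice_id)
    except (TypeError, ValueError):
        return None
    # Fix 1b: bind the value as a parameter; the driver keeps it out of the SQL text.
    # Fix 2: make ownership part of the lookup. A record that exists but belongs to
    # someone else yields no row, exactly like a record that does not exist, so the
    # response does not confirm which ids are valid.
    return conn.execute(
        "SELECT id, owner, amount FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, current_user),
    ).fetchone()
```

Feeding the vulnerable handler another customer's id returns their invoice (the IDOR), and a non-numeric id rewrites the WHERE clause (the injection); the hardened handler returns None in both cases and a row only for the caller's own invoice.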

Network & Hardware vulnerabilities

Network and hardware vulnerabilities enable cyber-attacks in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. There are many types of vulnerabilities under this category, such as cache poisoning, DNS attacks, smuggling and DoS. For example, a denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload the system and prevent some or all legitimate requests from being fulfilled.

We are here to help!

Everything is a system, every system can be hacked, and humans are natural hackers. Our offensive security offerings put you one step ahead of cybercrime. We offer customized and advanced offensive cybersecurity professional services. We are committed to understanding how cybersecurity vulnerabilities affect your business goals. And we foster long-term partnerships with our clients to face world-class technical challenges.

100% effectiveness

We have found critical vulnerabilities in all of our more than 250 pentests and counting.

We understand your business

to protect your most valuable assets.

Achieve enterprise level cybersecurity

Your technical challenges are our motivation.

We value collaboration and community

to grow with our clients.

We are a highly specialized team

Our team of ethical hackers is respected by their peers.

We use Artificial Intelligence

to scale up our penetration testing capability.

How do we find these vulnerabilities?

Penetration testing IS NOT vulnerability scanning.

Penetration testing is a security testing service provided by an independent third-party professional information security team to an organization. The team performs security attacks on the organization by imitating a hacker’s mindset. The attack may target from one single system to the whole organization. The goal of this service is to locate underlying vulnerabilities, to assess the impact on the organization’s data and equipment, and to provide remediation for these vulnerabilities.

A vulnerability scan can be done with automated scanner software, which is faster and cheaper. However, vulnerability scans can only detect already known vulnerabilities, rather than discovering new security issues and providing remediations.

Penetration testing relies on experienced information security experts’ skills to combine different security loopholes into attack chains and carry out persistent attacks to verify whether there is any method to break the available defenses.

We package four different offerings based on target systems and attack surface.

Web application pentesting

Websites are now the entry point of choice for hackers and cyberthieves. Mistakes or omissions made while coding web applications can enable attackers to copy or modify information in corporate databases, carry out fraud, penetrate a company’s internal network, and much more.

Mobile application pentesting

Both business and public organizations today are using mobile apps in new and compelling ways, from banking applications to healthcare platforms.
Managing security risk is a growing challenge on these platforms, with new vulnerabilities found every day. We conduct in-depth static and dynamic (run-time) analyses of iOS and Android devices and apps. We explore your app’s attack surface in a realistic way using the same tactics real-world attackers use to identify weaknesses that lead to your most likely paths of compromise.

Infrastructure pentesting

IT infrastructure is central to the day-to-day operations and management of businesses. Cyberattacks can come from outside or inside the company. An infrastructure penetration test stresses the security of elements that can be attacked from outside the company (IPs, servers) or from the inside (servers, workstations, networking devices). We use machine learning models to predict the behavior of infrastructure devices to scale up our ability to find vulnerabilities.

Enterprise pentesting

This is the placeholder for our most customizable solution. The objective of this service is to identify the degree of Internet exposure of an organization. We concentrate on high-impact vulnerabilities that allow us to compromise your information’s confidentiality, integrity and availability (CIA). Usually this work ends in lateral movement, data exfiltration or a full company takeover.

Let’s talk about which pentesting service is right for you

We are so confident in our ethical hackers’ skills that the first one is on us!

… but if we actually manage to hack your business you pick up the check!

Our methodology

Nexa’s Penetration Testing Professional Services Methodology is built on:

  • Industry standards & best practices
  • Research & certifications
  • Hacker’s mindset
  • Business knowledge
  • High quality deliverables

Our unique evaluation and diagnosis methodology is based on the Open Source Security Testing Methodology Manual (OSSTMM), the OWASP Security Testing Guides and the NIST 800-115 methodology. These standards are combined with the experience of our specialists and industry best practices. Our experts are actively involved in identifying the world’s most critical cybersecurity flaws through ongoing hands-on research and bug bounty programs. We have found vulnerabilities in companies such as Apple, Verizon Media, AT&T, DirecTV, PayPal, Shopify, MercadoLibre, Rappi, Delivery Hero and Oracle, among others. And we constantly formalize this experience by pursuing critical industry certifications:

  • Certified Ethical Hacker (CEH)
  • Certified Hacker Forensics Investigator (CHFI)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Web Expert (OSWE)
  • Offensive Security Experienced Penetration Tester (OSEP)
  • Offensive Security Certified Expert (OSCE)

Nexa’s pentesting professional services methodology is used throughout all of our offensive security offerings. We offer application, network, cloud, product and device penetration testing professional services to create packaged or custom offerings designed to meet your specific testing needs. Understanding an organization is key to a successful pentesting project, so we take the time to learn your business rules. And once we know them inside and out we can manage to subvert their intent to get the ultimate pentesting prize:

A full company takeover

This goal is usually reached by a combination of:
  • Unauthorized access
  • Remote code execution
  • Sensitive data leak
  • Account takeover
  • Compromised business logic

Our services range from white box to black box engagements. In white box engagements we have full knowledge of the target systems, including the source code. In black box projects we only know which systems are the targets. As the work of our team progresses, a detailed log of the findings is transformed into an audit report. This report includes the identified vulnerabilities, detailed evidence to recreate the unauthorized behaviours, and possible operational means to correct them. We understand that the audit report can be somewhat daunting for some of the audiences within an organization, and that is why we select a critical and exploitable vulnerability to produce a high impact exploit video. The quality of the audit report and the accessibility of the exploit video to a broader audience are what make our deliverables stand out against the competition.

Methodology phases

These are the phases we go through when we start working on your project.

Phase 1 - Reconnaissance
“Recon is everything.”
Reconnaissance is key to understanding your business and how it interacts with the rest of the world. We carry out OSINT (Open Source Intelligence) in order to identify, collect and document relevant application and technology information about the organization that may be useful to plan our attack, such as who the programmers are or whether there are public repositories of code.
Phase 2 - Automated massive scan and search for public exploits
An exhaustive search is performed for public vulnerabilities affecting the infrastructure and applications found in Phase 1. In this stage we use tools designed to perform an automated discovery of security breaches.
Phase 3 - Manual analysis and intrusion attempt
In this stage we try to exploit the vulnerabilities found in previous phases by performing manual intrusion attempts. We prune false positives. Also, a manual search and exploitation are performed for those vulnerabilities not previously detected by the automated tools. All vulnerabilities and techniques found are exploited at this point, seeking to achieve privilege escalation up to admin rights within the target application and/or infrastructure.
Phase 4 - Audit report and high impact exploit video
Once the process is completed, the vulnerability with the highest impact on information confidentiality, integrity and availability is selected to create the high impact exploit video. The final report and deliverable items are produced at this stage. These may include remediation recommendations, the high impact exploit video, a testing executive summary, an executive presentation and specifications for development teams.