A French company, a European commitment

TEHTRIS solutions are entirely developed in France and hosted in Europe. Discover the values of excellence and innovation that drive our teams.

Pentest

Our experts perform advanced technical operations such as intrusion tests simulating cyber espionage operations under an ethical hacker contract. These simulations can be:

  • Restricted to a particular application in order to discover any vulnerability allowing you to grant yourself specific rights, access sensitive data, etc.
  • Extended to the entire network and internal and/or external infrastructure to analyze the exposure area, find infrastructure vulnerabilities and show how an attacker would find and connect multiple vulnerabilities to compromise the network and its data.
Pictogramme : Personne derrière un ordinateur portable

To illustrate, here are some examples of topics and environments addressed in recent years during digital security projects or security assessments through intrusion tests:

  • Advanced Persistent Threat (APT) & In-depth Hacking
  • Exfiltration of sensitive data outside the infrastructure beyond proxies, DLP, etc.
  • Servers, workstations, applications, Active Directory Windows, UNIX, etc.
  • WEB applications, APIs, Docker environments, Cloud applications (AWS, Kubernetes, etc.)
  • Limitations of protection tools: antivirus, firewall, anti-spyware, proxy, NAC, etc.
  • SCADA (plants), supercomputing (infrastructures), CCTV (network cameras)
  • LAN, DMZ, VPN, WEB, VoIP, Wifi, databases, etc
  • Mobile fleet and tablet management (MDM)
  • Mobile Device Management)
  • Old-school PBX – PABX infrastructures

Remote pentest

On-site pentest

On-demand 0day research
for critical products

Some examples of vulnerabilities discovered by TEHTRIS, shared directly with the affected vendors

Example of a simulated attack scenario by TEHTRIS to identify it risks for a customer

The test is defined as a black box test from the internet to simulate an external attacker. No information is given other than the company’s external IP ranges. In a few days, TEHTRIS can :

  • Perform reconnaissance on the external IP ranges of the company in order to list the exposed assets (IPs, OS, Applications, domains…)
  • Find several vulnerabilities on the exposed applications (pre-authentication) that allowed to execute commands on the backend OSes
  • Bypass security solutions on exposed web servers (WAF, Antivirus, firewalls …) and deploy post-exploitation tools in order to bounce back on the internal network
  • Scan the internal network from one of the web servers for a quick recognition phase
  • Discover vulnerabilities in internal applications
  • Rotate and escalate privileges on the Active Directory Domain
  • Get “Domain Administrator” privileges on the Active Directory


At the end of the test, a meeting is held with the client to discuss the various problems identified and possible improvements. A detailed report containing the exploited vulnerabilities and recommendations for patches/mitigations and infrastructure improvements are delivered to the client.

 
Cyber or not cyber ?

Once a month, receive the essential news and cyber watch by subscribing to the TEHTRIS newsletter.