PTP’s Penetration Testing service assesses the security posture of your digital assets. We identify risks and security issues and provide recommendations on how to address these security issues to harden the asset to make them resilient to compromise. We have proprietary methodologies based on various security best practice frameworks.

PTP’s highly experienced penetration testers have a wealth of experience and understanding of a huge variety of environments.

We’ve tested in large corporate infrastructure, government departments, education establishments, retail giants, Banks & Airports.  We’ve tested ships and rigs (while at sea!), Planes, Trains and connected and electric vehicles, the power grids and stations that keeps countries running, as well as the payment, transport, and fulfilment systems on which everybody is reliant.

Assessment Services

• Bespoke & Web-based Application Testing
• Web Application Architecture Reviews
• Application Code Reviews
• Testing of mobile devices
• Enterprise Application Security Testing
• Enterprise Database Security Audits
• SCADA Process Control Audits
• VoIP Assessments and Security Consultancy
• Mail Server Deployments
• Infrastructure and Architecture Security Reviews
• Scenario-based Penetration Testing
• Automated Infrastructure & Application Perimeter Scanning
• IT Health Check
• Wireless 802.11x Assessments & Rogue Access Point Identification
• Operating System, Network Device & COTS Application Build Review
• Firewall Rulebase Audit
• Client Security (kiosks, workstations, laptops, mobile devices)

Contact: Tariq Ahmed, Head of Sales

email: [email protected]
Phone: +44 (0)20 3095 0500

Digital Forensic Incident Response (DFIR)

As a CREST-Approved Computer Security Incident Response Team, PTP has a wealth of experience in helping organisations respond to and recover from real world cyber security incidents from attackers of varying levels of sophistication, including against Advanced Persistent Threat (APT) groups.

We use a variety of cutting-edge tools and technology to conduct DFIR services, including proprietary tooling and third-party recognised best-in-class tools such as CrowdStrike, Autopsy, Cyber Triage and Axiom.

• Compromise Assessments
• Incident Response Services
• Incident Response Retainer Services (includes Compromise and Maturity Assessments)
• IR maturity Assessment
• First Responder Training
• Digital Forensics Services
• 24/7 hotline
• Preferential days rates for retained service
• Market-leading Service Level Agreement (SLA) response times for retained service
  • Telephone assistance 4 hours
  • Remote access into environment 16 hours
  • UK Onsite response 24 hours

Contact: Luke Davis – Head of DFIR
[email protected]
Phone:+44 (0) 7496 223060

Contact
Antonio Cassidy
+44 (0)20 3095 0500
[email protected]

Pen Test Partners can offer a tailored approach to vulnerability assessment, ranging from daily delta port scans to detailed vulnerability assessment of hosts and services.

Contact

email: [email protected]
Phone: +44 (0)20 3095 0500

Contact

email: [email protected]
Phone: +44 (0)20 3095 0500

STAR (Simulated Target Attack and Response) is threat intelligence led Red Teaming

PTP have extensive experience performing STAR engagements, as well as other threat intelligence-led exercises under frameworks such as GBEST, GCASE and CBEST.

STAR is a framework for non-financial organisations, using the same methodology as CBEST assessments, to conduct a structured and professional intelligence led penetration test by accredited providers.

https://www.pentestpartners.com/penetration-testing-services/crest-star-cbest-testing/

STAR-FS Assessments

Pen Test Partners delivers STAR-FS Red Teaming to assess the Prevention, Detection and Response capabilities of financial institutions, so that they maintain resilience against attack from sophisticated threat actors.

Simulated Targeted Attack and Response – Financial Services (STAR-FS)

What is STAR-FS?

STAR-FS is a framework for providing Threat Intelligence-led simulated attacks against financial institutions in the UK, overseen by the Bank of England and Prudential Regulation Authority (PRA). STAR-FS has less regulatory oversight in comparison to CBEST, and is conducted upon more organisations than CBEST.

Using intelligence gathering sources, this service aims to test real world attack scenarios that are being successfully exploited in the wild.  This is used to identify potential weaknesses in the client’s attack surfaces and in turn gain an understanding of the real risk to their high value systems.

How we operate

Security evaluations rarely take the user in to account. Hence, one can have an apparently secure environment that can be compromised with ‘real world’ hacking skills, taking advantage of people’s curiosity and willingness to help.

Our targets are usually data sources such as internal financial systems, employee HR records, high value customer databases such as the CRM, customer credit card data, intellectual property, board meeting minutes, anything that could be of value to a third party.

We sidestep technology, focusing instead on critical data, just as a motivated hacker would. This also helps the business understand the risk associated with these events, rather than getting lost in a list of overly technical vulnerabilities

What makes us a STAR-FS vendor?

As mandated by the Bank of England and PRA, to deliver the Red Team aspect of a STAR-FS, the engagement must be led by a CCSAM (CREST Certified Simulated Attack Manager) and a CCSAS (CREST Certified Simulated Attack Specialist). Both the CCSAM and CCSAS must also have 14,000 hours of penetration testing experience, and 4000 hours of testing financial institutions.  Pen Test Partners maintains the appropriate technical knowledge, skill and competency required to deliver STAR-FS services as required by the Bank of England and PRA.

Contact: Tariq Ahmed, Head of Sales
email: [email protected]
Phone: +44 (0)20 3095 0500