Zakres testów bezpieczeństwa The scope of TLPT security testing includes a comprehensive assessment of an organisation’s resilience to real-world cyber threats, from both a technical and organisational perspective.
The tests include:
- IT infrastructure analysis: Network scanning, identification of active hosts, open ports and vulnerability detection using tools such as Nmap, Nessus or OpenVAS.
- Attack simulation: Realisation of attack scenarios based on Threat Intelligence data, using exploits (e.g. Metasploit) and techniques in line with the MITRE ATT&CK framework, simulating e.g. lateral movement (vertical and horizontal), privilege escalation or data exfiltration.
- Operational process testing: Verification of the effectiveness of incident response mechanisms, log monitoring and real-time event analysis using SIEM, IDS/IPS and EDR systems.
- Assessing staff awareness: Conduct socio-technical tests such as simulated phishing, smishing and vishing attacks to assess staff preparedness for cyber threats.
With such a broad scope, TLPT test allows for accurate identification of vulnerabilities and provides comprehensive recommendations for strengthening an organisation’s security.