Services - Lighthouse

At the moment, only computer network infrastructure penetration testing services are being offered. Once the initial phase of setting up the company is finished (i.e. once it is fully up and running), web application penetration testing services will be offered, as well (ETA 2022).

Although not planned at the moment, depending on the market's demand and the direction the company will be evolving in, red teaming testing services may be offered, in the future (ETA 2023-2027).

Infrastructure (network) penetration testing

Includes external and internal tests. Both types of tests assess the current state of the client’s IT infrastructure, from a technical IT security perspective.

External infrastructure tests focus on the infrastructure, which is publicly accessible (i.e. from the Internet; perspective of an attacker with Internet access). These tests are conducted over the Internet.

Internal infrastructure tests focus on the infrastructure, which is accessible from within the organization (i.e. from the organization’s local network; perspective of (1) an attacker that breached the perimeter or (2) a malicious employee). These tests are conducted on-site, or, alternatively, via VPN (the new standard, due to recent travel restrictions) and are, generally, focused on Windows environments (Active Directory).

Both types of assessments consist of a combination of manual and automated tests. In addition to focusing on identifying risks of highest severity, first, an emphasis is also put on covering the whole test scope.

Projects delivered professionally, so far, include European clients, within the following sectors: finances, government agencies, critical infrastructure and manufacturing.