Our Security Hackathon sessions incorporate field-proven security testing techniques. The sessions are similar to traditional penetration testing – our objective is to identify and demonstrate weaknesses – but better . You gain a hacker’s perspective but members of your team work right alongside ours… you get training and experience to help your team prevent threats down the road.
Explore our Security Hackathon options – we’ve included half a dozen great sessions hand-picked by our consulting team. We’ve even shared an idea of the cost of each session (if you are a larger organization, we may need to adjust scope and the cost may be higher). If you don’t find at least one session that fits your needs, contact us to tailor a Security Hackathon to fit.
The exploring your network hackathon charges head-first into an under-documented and little-understood frontier... your network. The team uses open source and commercial tools to probe your network, building an inventory and drawing a map of your network topology. Your staff develop a solid understanding of the devices on your network, create much-needed network diagrams, and apply the knowledge to identify risky services and connections dwelling within your network.
The open source intelligence (OSInt) hackathon gives you an understanding of what adversaries can learn about your organization. The team searches publicly available sites and databases to gain an understanding of information about your facilities, technologies, service providers, and personnel that could be used in hacking and social engineering attacks.
The hacking the perimeter hackathon tests the devices placed at your network's edge to keep bad guys out. The team maps your perimeter – Internet and third-party links, cloud connections, and work-from-home users – searching for holes an attacker could exploit. Your staff will practice probing and auditing firewalls, checking security settings and rules on the devices that define your perimeter.
The phishing hackathon shows how phishing attacks can expose your systems and data to attackers. The team builds a simple phishing attack from the ground up then crafts a more complex spear-phishing campaign – targeting your organization! Your staff will learn how phishing attacks work and indicators of compromise that can identify and contain attacks. This hackathon includes a 1-year license (50 seats) to a commercial phishing platform.
The hacking a web application hackathon does a deep dive into web app' security. The team tests web software to find weaknesses like SQL injection, cross-site scripting, weak authentication, and bad session management. Your staff work hands-on with web hacking tools to learn how bad guys formulate web attacks and take advantage of coding mistakes, gaining access to servers and data.
The targeting wireless networks hackathon explores the wireless networks that bring equal measures of convenience and risk. The team searches for wireless networks, official or otherwise, that could provide a path to sensitive data. Your staff will gain a better understanding of the invisible networks around and connected to yours, and will learn to detect and defend against rogue access points and spoofed networks.