Penetration Testing
Internal Infrastructure Pen Test
Special price:
For any* internal infrastructure penetration test delivered before the end of 2024, URM will provide a free domain passwords audit. The audit will allow your organisation to assess the strength of the passwords set by your domain users. The activity aims to identify the use of weak passwords across your domain, for both administrative and non-administrative users. The activity consists of cracking the passwords of all your domain users, using wordlists and rules in order to provide analysis of cracked passwords (e.g., % of total passwords cracked, top 10 most used passwords, passwords using common base words like ‘password’, ‘welcome’, ‘letmein’, low priv and admin users sharing the same password, dates in passwords like ‘Tuesday123’, ‘Summer2023’, number of admin accounts with weak passwords, etc.).
T&Cs applies
Why URM?
As a CREST-accredited organisation, URM is able to provide reassurances that all the policies, processes and procedures which underpin its cyber security penetration testing have been independently assessed and deemed to be fit for purpose. Furthermore, accreditation to the CREST OVS programme reflects URM’s commitment to employing highly skilled individuals who are able to deliver Level 1 and Level 2 ASVS and MASVS assessments for web and mobile applications. With its CREST penetration testing URM is able to support you through the whole penetration testing process, providing support during all the phases of the project.
Terms and conditions of offer
- Your organisation must have an on-premise Active Directory and provide Domain Admin equivalent privileges to URM in order to extract the password hashes from the domain controller.
- This type of password audit cannot be provided when using purely cloud-based domains.
- The offer is limited to organisations with up to 1000 users within their domain(s). The number of domains is not critical, as long as the total number of passwords to crack is less than 1000. If there are more than 1000 passwords to crack, URM can provide a quotation.
"
After a bad experience with a previous provider, we looked to URM for QSA support. The URM QSA we have worked with is phenomenal, and considerably better than our previous QSAs. My team enjoy working with him, and find him to be extremely credible and effective. Whenever we have asked our QSA and account manager whether additional work is required outside of the annual cycle, there has never been a hard sell of any of URM’s services, and instead offer advice based on our compliance requirements and business needs. Our URM QSA always consults with the aim of making compliance as straightforward as possible, and pointed us towards a way of significantly minimising and streamlining our assessment scope that neither we nor our previous PCI DSS consultancy provider had considered.
CISO at University of Surrey
Register your interest in the form below
Please note, we can only process business email addresses.