Penetration Testing

Penetration testing of IT systems, payment solutions, networks, and applications for internet banking and ATMs is FortConsult’s core business. We have conducted thousands of penetration tests in our lifetime, and stand out from other security companies by combining wide-ranging test methodologies with deep technical expertise and an understanding of your business.

Penetration testing is your way of ensuring that there are no glaring holes in your IT security.

In order to ensure that your business-critical assets are available, functional and operating as they should be, you need to have a number of IT security measures in place. Penetration testing your ability to withstand targeted attacks is key to maintaining a high level of security. Itexpert-Laptopexpert takes pride in taking the time to understand what is critical to your business, so that we are testing areas that would have a business impact. Our penetration tests simulate attacks like they happen in real life, giving you a realistic picture of the threats that you are facing and whether you are able to protect your business against them.

Full Spectrum Attack Simulation

Cyber security has traditionally focused on applications and infrastructure, and while this is still extremely important, cyber criminals are constantly looking for new attack vectors and weaknesses to exploit. Their attack methods are becoming increasingly complicated and varied, and are no longer limited to targeting cyber assets. With physical and human weaknesses becoming a convenient attack vector, organisations need to address more complex and sophisticated attack scenarios than they have done before.

Our Full Spectrum Attack Simulation offers a wide range of simulated attacks that are designed to test your defensive and response capabilities, addressing specific concerns and delivering insights that help you improve your organisation’s IT security posture.

Modern threat actors vary by their motivation and attack methods, which is why it is important to simulate threat actors that are relevant to your organisation. The most common threat actors that are replicated in a Full Spectrum Attack Simulation are:

  • Hacktivist: an individual or a group with a grudge against your organisation. Their motivation is rarely financial, but rather seeking to cause reputational damage or disrupt your operations. Their typical Tactics, Techniques and Procedures (TTPs) include Distributed Denial of Service (DDoS) attacks or defacements of websites
  • Cyber Criminal: typically well-organised and resourceful, their motivation is almost exclusively financial. Their TTPs range from large scale phishing campaigns designed to deploy ransomware to targeted attacks that aim to steal and re-sell data or simply trick you into transferring money to phoney accounts (CEO fraud)
  • Insider Threat: often difficult to identify due to their position, their activity may be malicious or accidental. Typical TTPs are exfiltration of sensitive data and disruption of systems
  • Cyber Espionage & State Sponsored Actors: significantly fewer in numbers, but almost always more sophisticated and dangerous than the other threat actors on this list, they pose a significant risk to a number of organisations. Their prime motivation is obtaining information that might be exploited in one way or another, meaning that they strive to retain access to your environment for as long as possible and put great effort into staying unnoticed. Their TTPs are characterised as Advanced Persistent Threats (APT), and they use a variety of attack vectors to gain and maintain access. Defending against them requires a robust security infrastructure and awareness.

Typical reasons for performing a Full Spectrum Attack Simulation include:

  • Improving your organisation’s readiness to withstand and respond to a variety of attacks from different attack vectors
  • Training your security operations personnel (Blue Team) in handling advanced and persistent attacks
  • Benchmarking your Blue Team’s performance
  • Understanding your organisation’s resilience
  • Regulatory compliance and oversight

Red Team Assessment

Cyber attack
Our Red Team assessment evaluates your cyber preventive controls and staff security awareness, and challenges your Blue Team’s detection and response processes. This assessment includes attacks from locations inside and outside of your organisation and targets your applications, infrastructure, people, processes and sensitive data.

This assessment aims to identify any weaknesses in your organisation that could be exploited in a cyber attack, and answer the following questions: 

  • What risks do threat actors pose to your business critical IT assets?
  • Have your investments in cyber security preventive controls and security awareness training been effective?
  • Are you able to detect a persistent and sustained threat and malicious activities within your network?

During a Red Team assessment, we will:

  • Use Open Source Intelligence (OSINT) gathering techniques and threat intelligence activities to devise credible attack scenarios, which will guide the rest of the activities in this assessment
  • Attempt to compromise your cloud and externally facing infrastructure
  • Deliver carefully crafted spear-phishing emails to compromise your staff, attempt to obtain sensitive information from users or encourage visiting a malicious site through voice and SMS communications
  • Use a stolen laptop and/or wireless or wired network access that was obtained through a Black Team assessment to gain a foothold on your internal network, and move laterally in order to compromise the agreed upon critical applications and infrastructure
  • Assess your organisation’s ability to prevent a sophisticated, planned and sustained cyber attack

This assessment goes well together with a Black Team assessment, as an attacker that has been successful in a physical attack will typically continue to attempt to compromise your organisation further with a series of cyber attacks.

Black Team Assessment

Physical attacks and social engineering
An attacker that has gained physical access to your offices will almost certainly be able to compromise your company further and steal data or other important IT assets – which is why it is imperative to make sure that your organisation’s physical security is robust.

Our Black Team assessment uses a combination of cyber and physical attack techniques in order to achieve a compromise of the physical security and gain physical access to your premises.

This assessment aims to identify weaknesses in your physical security and answer the following questions:

  • How easily could a determined attacker gain access to your internal networks through a successful breach of your physical security?
  • Are your employees disclosing information that could be of assistance to an attacker?
  • How effective are your investments in physical security controls?

During a Black Team assessment, we will:

  • Use Open Source Intelligence (OSINT) gathering techniques and threat intelligence activities to devise credible attack scenarios, which will guide the rest of the activities in this assessment
  • Perform reconnaissance and surveillance, assessing your physical security controls
  • Use social engineering to bypass technical controls and access restricted areas of your organisation
  • Manipulate staff to allow access to their workspaces and/or to identify sensitive or protected information
  • Evaluate the level of response to threats by your staff and by third parties

A Red Team assessment is a good follow-up to this assessment, as it will uncover how an attacker can use the obtained information or physical access to further compromise your security or gain access to sensitive data.

Vulnerability Test

You do your best to secure the systems against hackers and malware – but new threats emerge constantly. We can help you sleep at night by testing your resistance to common and upcoming attack methods. We test your business-critical IT systems and look for vulnerabilities, using a combination of automatic tools and manual, creative tests.

The test can be conducted at three different levels, with amateur hackers and random attacks as the main concern at level 1 and targeted attacks based on insider knowledge at level 3.

The test will result in a report that provides you with an accurate status of IT security in your systems as well as suggestions as to how the desired level of security can be reached. We review the report with you and your team at a meeting with one of our consultants.

Performing this test lets you:

  • Improve your level of security and protect your business-critical IT systems
  • Improve your internal workflows based on an increased understanding of the causes of different vulnerabilities

Laptop Review

Laptops pose a security risk for any organisation, as they are exposed to unknown networks and servers when your employees bring them with them when they leave the premises. So what happens if a laptop is lost or stolen, or if an employee connects to a malicious Wi-Fi hotspot?

Itexpert-Laptopexpert offers a structured review of your laptops, which, depending on your wishes, can consist of two different approaches:

  • A technical review of a representative laptop’s configuration. This will include an analysis of, among others, BIOS configuration, wireless configuration, encryption configuration and so on.
  • An analysis of the use of the laptops in your company with a focus on security policies and usage guidelines.

A laptop review helps you:

  • Regain the control of your IT infrastructure.
  • Reduce the risk of a compromise.
  • Document that you take security seriously to management, auditors and the media.

DDoS Test

DoS (Denial of Service) and DDoS (Distributed Denial of Service) are common attack methods, designed to make a company’s IT systems inaccessible to users. DoS and DDoS attacks can cause great inconvenience and have serious economic consequences for businesses. As an IT manager, you need to know how your system responds to DoS and DDoS attacks, and how you can achieve the best possible defence with the tools that you have at your disposal. Itexpert-Laptopexpert’s practical DDoS test can help you along the way.

Our DDoS test is designed to find the limits of your current setup, including verification of the current protection, test alerting and collection of detailed knowledge about the systems’ behavior when under attack. As a result of our test, you will receive a number of proposals about how to improve your environments, in order to achieve the best possible protection, making you prepared for potential attacks.

Our DDoS test helps you protect your business operations by:

  • Improving your overall structure and network security
  • Giving you an understanding of your capabilities to withstand different levels of powerful DDoS attacks
  • Giving you tangible tools that help you improve your IT environments to achieve the best possible protection against DDoS
  • Helping you streamline your internal procedures under a DDoS attack


Vulnerability Scanning

How do you maintain the security in your Internet-facing IT systems in a landscape that is in a constant change?

Our vulnerability scanning service is offered as a subscription with an unlimited number of scans, or as a ticket coupon system with a fixed number of scans of your Internet-facing IT systems. The scanning consists of three modules: IP Discovery (status of current number of IP addresses), IP Vulnerability Scan (overview of new port and IP vulnerabilities) and Web Vulnerability Scan (overview of new web vulnerabilities).

You control what is scanned and when, and for the applications and IP addresses that are to be scanned regularly, scanning is done automatically. The status report is delivered after our experienced security consultants have removed any false positives.

Our vulnerability scanning can be a fine addition to our thorough vulnerability test that also involves manual and creative tests.

Wireless Network Penetration Test

Wireless networks increasingly exist in most offices due to the huge benefits they bring to both employees and guests – but they also introduce vulnerabilities that are avoided with a wired network. A hacker does not have to be physically located in a company to hack into the wireless network and from there into the internal network and the confidential data. How can you secure yourself against this?

Itexpert-Laptopexpert’s wireless network penetration test gives you answers to the following questions:

  • Are all the wireless components secured?
  • Are your employees’ computers secured?
  • Can you exclude your computers from your network if they are lost or stolen?

The solution can advantageously be combined with our Laptop Review.

Our wireless network penetration test allows you to:

  • Enhance the level of security in your wireless networks
  • Enjoy all the benefits of wireless networks without compromising your company’s IT security
  • Get a thorough and impartial assessment from a third party of whether or not the actual security level in your wireless network is consistent with your own view
  • Provide documented proof to management, auditors and the media that you comply with your security policies

Firewall Inspection

A firewall is a crucial element in your perimeter security. However, as time passes, ad-hoc needs may occur, such as opening particular ports and services for a temporary period. These things can increase the risk of compromising your IT security.

Having acquired your firewall rules and network diagrams, we thoroughly scrutinise them to identify vulnerabilities in the configuration of your firewall. Among other things, the firewall review includes an analysis of the following elements:

  • Management
  • Logging
  • VPN
  • Traffic relevance

The firewall review helps you: 

  • Remove any security issues in your firewall rules and thereby enhance your security
  • Protect your business against attackers with insider knowledge of your firewall rules
  • Improve your internal working procedures by giving you an understanding of why security breaches have occurred and how to prevent them from occurring again
  • Give the relevant employees valuable sparring on firewall security
