
What is Penetration Testing as a Service or PTaaS?

Penetration Testing as a Service is defined differently by a lot of different organizations. Paying attention to memes would suggest that PTaaS is nothing more than a glorified scanner, and that just couldn't be further from the truth. At least for our team at Xcape, it was the pathway for us to provide our clients a more consistent, easily reproducible work product. As a boutique information security firm, we are making a name for ourselves as the company you call when all the other so-called "experts" fail you. We needed a way to scale ourselves: we were watching the industry evolve from the sidelines and missing out on work that we're overly qualified for, while other organizations grow, losing the quality of their work products because hackers aren't reproducible.

The first step for us was the hardware. Building a hardware platform that makes it impossible for us not to get connected and configured meant that we could work with any client's technical ability to deploy our solution in any environment. Then we had to become an MVNO to provide ourselves connectivity that's totally out of band. The cell nerd in me took it a step further so that I can isolate devices within the LTE network so they only have access to each other. So our team's connection to our cellular network isn't just novel connectivity: the devices we use internally are connected to the private portion of our LTE network.

In building PTaaS we knew the goal was always to automate as much of the tedious workflow as possible. Instead of pentesters being network engineers and technical support staff on engagements, the workflow and software we've developed mean that our pen testers spend more time actually pen testing, developing malware, and discovering attack chains that lead to compromised systems, the goal of any pen test.

So what is pen testing as a service, you ask? We started with automating most of the first half of our asset discovery workflow. I can't tell you how many pen tests we've been on where the target list we're given ends up being just a portion of the endpoints they have. So our initial scan takes into account that some clients might not be aware of all of their infrastructure: our XBMAS engine does OSINT on the client with the targeting information provided and digs up assets that are related to the organization.

Great, now we know about all the assets belonging to your organization, and we can start using industry-leading tools that are always being updated with fingerprinted vulnerabilities, along with new tactics developed internally by our team, to scan your internal and external infrastructure for known vulnerabilities. This builds an attack profile of all the exploitable systems within your internal network, external perimeter, and cloud infrastructure.

Now we've got this automated attack profile based on the results of a bunch of scans of your internal, external, and cloud infrastructure. With the help of our cloud infrastructure and our NetNinja, our system will launch automated attacks against your infrastructure, providing screenshots and code execution from working exploit code that gains access to your systems.

So at this phase the automation has done its job and our pentesters have shells waiting for them to dig into. That means on the majority of all our pen tests, our testers are spending 100% of their time exploiting systems, working to build attack kill chains, and developing malware and custom payloads. We spend more of our time working out ways to exploit your infrastructure over the longer term of our ongoing engagement.

So instead of a two-week smash and grab that results in a large report with a lot of findings, you can instead work with our team to identify vulnerabilities as they're discovered, with access to our pen testers and MSP staff for escalating the remediation of vulnerabilities your team might not have the ability to address.

Anyone trying to sell you PTaaS without automated exploitation is just lying to you, because that's what we call vulnerability scanning and management, which just isn't the same as pen testing.

What we define as Penetration Testing as a Service will set the bar for what the expectation should be when you talk to a firm about PTaaS. If you ain't getting hacked it's not a pen test. 

Click here to learn more about PTaaS by Xcape, Inc. 
