Platform Vulnerability Assessment

Known vulnerabilities and configuration flaws of services and OS running on the server to be diagnosed will be checked.

Platform Vulnerability AssessmentCheck for vulnerabilities and configuration flaws in running services and OS.

We check for known vulnerabilities and configuration flaws in the services and OS running on the target server. In addition, at the customer's request, we can conduct an attack on the target server to confirm whether its possible to break into the server.

We provide our customers with highly accurate results by using both manual and automated diagnosis by our experienced diagnosticians. After the diagnosis, a detailed report on the discovered vulnerabilities will be prepared, and the reproduction procedure and countermeasures against the vulnerabilities will be reported in detail.

Diagnostic Prodecure

Typical Vulnerability Diagnostic Items

Port Scanning

Use a port scanning tool against the target server to investigate services running on open or suspicious ports and service version information.
In addition, when a server running in a production environment is targeted for diagnosis, search engines are utilised to investigate whether internal information is being disclosed.

Investigating Known Vulnerabilities

Check for known vulnerabilities in the services running on the target server.
In addition, if we're given the green light, we will conduct a psuedo-attack with a known vulnerability and investigate if the attack succeeds.

Investigation of service protocol-specific configuration flaws, etc.

Conduct a survey according to the accessible services. As an example, the following survey items are available.

  • DNS: Check if zone transfer is enabled.
  • SMTP: Are there any unauthorized mail relay or unnecessary commands allowed?

Investigating the use of weak passwords

If the target server is running services such as SSH and FTP, and password authentication is enabled, investigate whether the password authentication succeeds by brute force or dictionary attack.

Contact Us

If you have any questions about Gehirn's vulnerability analysis or disaster prevention information distribution system, feel free to contact us via the form below. One of our representatives will respond as soon as they can.