Checks the services and OS running on the target server for known vulnerabilities and configuration flaws.
We check for known vulnerabilities and configuration flaws in the services and OS running on the target server. In addition, at the customer's request, we can conduct an attack on the target server to confirm whether it's possible to break into the server.
We provide our customers with highly accurate results by using both manual and automated diagnosis by our experienced diagnosticians. After the diagnosis, a detailed report on the discovered vulnerabilities will be prepared, and the reproduction procedure and countermeasures against the vulnerabilities will be reported in detail.
Based on the customer's specifications, we will examine the system behind the application, the scope of the diagnosis target, and the diagnosis policy. We will then send you a quote.
※ If a confidentiality agreement is required, it will be signed prior to the quote.
Coordinate the diagnosis date and time and complete the contract procedure.
At Gehirn, we mainly conduct manual assessments, with tool assessments as a supplement. From the attacker's point of view, we use our own methods to find vulnerabilities that cannot be detected by tools alone.
The severity of each vulnerability is determined based on the expert knowledge of Gehirn's assessors, and a report is prepared that describes what kind of problems the vulnerability could cause by hypothesizing specific scenarios. After we submit the report, the customer decides whether or not to modify the software, and a re-diagnosis is conducted after the modification.
Use a port scanning tool against the target server to investigate services running on open or suspicious ports and service version information.
In addition, when a server running in a production environment is targeted for diagnosis, search engines are utilised to investigate whether internal information is being disclosed.
Check for known vulnerabilities in the services running on the target server.
In addition, if we're given the green light, we will conduct a pseudo-attack with a known vulnerability and investigate whether the attack succeeds.
Conduct a survey according to the accessible services. As an example, the following survey items are available.
If the target server is running services such as SSH and FTP, and password authentication is enabled, investigate whether a brute-force or dictionary attack against the password authentication succeeds.
If you have any questions about Gehirn's vulnerability analysis or disaster prevention information distribution system, feel free to contact us via the form below. One of our representatives will respond as soon as they can.