• Is your business at risk?

  • Let us find out...

  • Before a malicious hacker does

Penetration Testing and Vulnerability Assessment Services

IT Infrastructures are of ever more importance to businesses and individuals alike.
Unfortunately, cyber crime is on the increase as well. A recent study from the Gartner Group™ reveals that:

  • Most IT Systems have security vulnerabilities
  • Most attacks are being carried out against Applications

What is Penetration Testing?

A Penetration Test is a method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. The same tools, know-how and methodologies are used as malicious hackers would employ.

The difference from a real attack is that testing is done with the explicit written consent of the client, and the purpose is to produce a comprehensive report and to close down security holes before a real attacker can exploit them. As of summer 2013, we managed to break into 95% of the customer systems we were tasked to test.

The Founders of Cyber 51 LLC

Doree Garcia Flores

Founder

Cisco CCNA, Offensive Security Wireless Professional (OSWP), Social Engineering Expert

Doree has 7 years of experience in IT Security around all major vendor platforms and technologies. Prior to her start in Information Technology, she was responsible for cash flow calculations, wholesale distribution, customer relations as well as import and export administration for a large hospitality organization in Mexico.

She is an expert on Social Engineering Assessments whereby she tests the strengths and weaknesses of humans when it comes to Information Security. She is proficient on computer based, phone based and impersonation Social Engineering techniques. Her second large field of expertise is Wireless Penetration Testing. She is regularly performing assessment on Wireless infrastructures utilizing all possible attack vectors.

After graduating from University with a successful Business Administration degree, she started developing a keen interest in IT Security and worked for numerous organizations incl. the Mexican government, IT Grupo, Cisco Systems, LAN Solutions and ProNetExpert. She is bilingual in both Spanish and English and holds the prestigious Offensive Security Wireless Professional Certification (OSWP) along with a Cisco CCNA certification.

Doree has spoken at various IT Security conferences in Latin America incl. the Columbus Round Table in Honduras 2013, where she was presenting live hacking and social engineering demonstrations to senior government and financial sector attendees.

When not working, Doree enjoys riding the bike, going to the gym, playing with her dogs and she has a passion for handcraft.

Martin Voelk

Founder

Certified Ethical Hacker (C|EH), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Cisco CCIE # 13708

Martin is an IT Security veteran with 18 years of experience in the IT industry. Prior to setting up his own Security company in 2009, Martin was already regularly teaching Penetration Testing Training Courses, Cisco authorized Security Courses and was regularly engaged by governments and other businesses to establish Security policies, perform Ethical Hacking and Penetration Tests in order to secure network infrastructures and to remediate the threats encountered.

He provided IT Security Services as a consultant to organizations such as the German Railways Group, Cable & Wireless, Hypo-Vereinsbank, Motorola, Fast Lane, Cisco Systems, Apple, the U.S. Army, the British Army and various other government bodies and private sector clients.

Martin provides Penetration Testing and Security Audit Services to clients around the globe. He is a regular speaker at Security conferences and works with the press on giving people an insight into current IT Security issues. In July 2013 Martin presented a live Ethical Hacking demonstration at a conference in Jamaica. Attendees included senior Jamaican government ministers as well as board members from leading Caribbean banks.

Martin holds some of the highest IT Certifications including the Certified Ethical Hacker (C|EH), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP) and numerous Cisco Certifications such as the CCIE (CCIE #13708) and the CCNP Security. Additionally he is recognized by the U.S. National Security Agency (NSA) as an Information Systems Security (INFOSEC) Professional as outlined in the 4011 and 4013 U.S. Government Standards. He holds a Bachelor's Degree in Computer Science from the Technical College in Munich, Germany.

Martin was born in Munich, Germany where he also grew up, attended high school and college. He later lived in different parts of Germany, the UK, Mexico and the U.S. He speaks German, English and Spanish fluently.

If Martin isn’t working or reading IT Security magazines, he dedicates a lot of time to support animal shelters and organizations looking after the needs of children in Latin America. He loves to travel the world, undertaking long mountain bike rides, playing with his Labrador and St. Bernard dogs for hours or simply hanging out with his friends and family.

Cyber 51 In Numbers

Partners And Resellers Who Use Our Services
Clients served worldwide
Successfully Completed Projects In The Last 3 Years
Security Audits Since 2009

IT TAKES A HACKER TO CATCH A HACKER

-- Kevin Mitnick --

OUR TEAM

All our Security Consultants and Trainers have 10+ years of professional work experience. Many of our Security Consultants work with governments, militaries & financial organizations on a regular basis. They hold the highest vendor and government certifications such as:

  • Licensed Penetration Tester (LPT – EC-Council)
  • Certified Ethical Hacker (CEH – EC-Council)
  • Certified Security Analyst (ECSA – EC-Council)
  • Computer Hacking Forensic Investigator (CHFI – EC-Council)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Wireless Professional (OSWP)
  • Certified Information Systems Security Professional (CISSP – ISC)
  • INFOSEC – NSA Information Systems Security Professional
  • 4011 Recognition – U.S. National Security Agency (NSA)
  • 4013 Recognition – U.S. National Security Agency (NSA)
  • DoD Information Assurance Awareness
  • A+ (CompTIA)
  • Network+ (CompTIA)
  • Security+ (CompTIA)

OUR CLIENTS COME FROM ALL INDUSTRIES

Our client base is truly international and spans all industries. Ethical Hacking and Defense is becoming more and more important. Only if you understand the tools and methods hackers employ can you start taking appropriate countermeasures to protect your Systems and Networks. "Know your enemy" is the first rule of Defense.

Our customers

Some clients who have used our services

Our Partners

Our Partners, like our Customers, are our number one Priority.

Cyber 51 has numerous partnership and re-seller models available to enable partners to supply value added services to their customer base. Services can be delivered fully white labeled or co-branded.

We provide an open, easy and integrated approach to partnering, as our customers are our number one priority. Great partnerships are founded on common goals, shared commitments and mutual rewards. Our goal is to build a foundation that offers our partners significant opportunities to grow their business. Together with our partners, we bring best-of-breed services to help customers maintain highest standards of security and compliance while reducing costs.

SECURITY IS A NEVER ENDING PROCESS

Don’t wait until you become a Cyber Crime victim!
Let us help you strengthen your Cyber Defenses!

Vulnerability Testing

We offer different types of vulnerability assessments to address all Security aspects of IT infrastructures.

1. Vulnerability Assessments

During Vulnerability Assessments we assess the client network for vulnerabilities, missing patches, backdoors, mis-configurations and deviations from best practices on any IP enabled equipment.

New IT vulnerabilities are revealed on an almost daily basis. Cyber Threats and Risks to businesses are on the increase. Don’t wait until a malicious hacker discovers and exploits YOUR SYSTEM’S VULNERABILITIES!

Vulnerability Assessment vs. Penetration Test

The main difference is that a Network or Web Application Vulnerability Assessment doesn’t involve active exploitation of the encountered vulnerabilities. As such, a Vulnerability Assessment is a more cost-effective alternative to a Penetration Test. A Vulnerability Assessment can therefore be seen as 50% of a Penetration Test, and at no time will there be any risk to business operations, as no malicious exploits are run against the tested machines.

Benefits of a Vulnerability Assessment

  • Cost effective alternative to Penetration Testing
  • Discovers vulnerabilities in IT Security
  • Mitigation advice on how to close discovered vulnerabilities
  • Executive summary and an in-depth technical report
  • Debrief call with a senior Security Consultant

Types of Vulnerability Assessments

These services are designed to manage the whole vulnerability management cycle across all your assets including network, infrastructure and web applications. We provide a complete and accurate picture of the security posture of your infrastructure, delivered to meet the requirements of your entire staff including executives, compliance auditors, network/system administrators and security engineers.

Comprehensive Vulnerability Assessment

This service was specially designed to manage the whole vulnerability management cycle across all your assets including network, infrastructure and web applications.

Network Vulnerability Assessment

The Network / Infrastructure vulnerability assessment service goes beyond simple automated tools and includes manual verification and the eyes of a real penetration testing team. This service looks for vulnerabilities in your network / infrastructure assets.

Web Application Vulnerability Assessment

The Web Application vulnerability assessment service goes beyond simple automated tools and includes manual verification and the eyes of a real penetration testing team. This service looks for vulnerabilities in your web applications.

Cloud Vulnerability Assessment

By proactively testing your Amazon AWS instances against real-world threats, our service helps you confidently confirm whether your cloud deployments are secure.

Web Application Secure SDLC

During this service our engineers will conduct vulnerability assessments and attacks in every SDLC stage in order to determine how data can be stolen and/or your infrastructure can be taken offline.

2. PCI Scanning & Consulting

We assist you in PCI Audit preparations by scanning your components according to the PCI framework and provide detailed PCI-DSS Pass or Fail information in a comprehensive report. In addition to our managed scanning services we also offer PCI Consulting Services.

Challenge: Many businesses must be compliant with industry and government regulations. Do you need to achieve or maintain PCI (Payment Card Industry) Compliance?

Solution: PCI Scans according to the PCI framework

The purpose of this scan is to find out whether any given machine meets or fails the PCI-DSS requirements, enabling Admins to quickly take remediation action. The reports are aligned with the PCI-DSS framework.

PCI Scan Benefits

  • PCI Compliance scan focused on “internal”
  • Vulnerability / patch scan requirement 11.2.1
  • Also includes 35 other PCI requirement checks
  • Comprehensive Reporting

PCI-DSS Consulting Services

In addition to our managed scanning services we also offer PCI Consulting. Interpreting the requirements of PCI DSS can be a tricky exercise, leaving many organizations unsure if the measures they have put in place address the requirements adequately.

We offer a range of consulting services to provide assistance and clarity for any organization currently involved in a PCI compliance project.

  • PCI DSS Scoping and Gap Analysis
  • PCI DSS Implementation Guidance
  • QSA RoC Assessments
  • SAQ (Self-Assessment Questionnaire) Reviews
  • ASV Scans
  • Penetration Tests for PCI DSS

3. Credit Card Scanning

In this assessment, we scan your machines for unprotected (clear text) credit card information held in files and folders.

Challenge: More and more business is done online these days. Do your employees keep financial credit card information in plain files on their machines? Knowingly or Unknowingly?

Solution: Credit Card Scans to identify credit card and other financial information

The purpose of this scan is to find out whether any given machine contains credit card information in plain text files, enabling Admins to quickly take remediation action. Reports are vital for PCI-DSS Compliance.

Credit Card Scan Benefits

Searches for non-compliant credit cardholder data across all your Windows and Mac OS X machines; results include the directory path, matching data and the card brand.

4. BYOD Mobile Scanning

We perform vulnerability, PCI and credit card scans on mobile devices such as smartphones and tablets.

Challenge: The mobile market is growing rapidly, but what about the security aspects? Do your employees bring their own Mobile devices (Tablets & Phones) into your business? Does BYOD raise security concerns?

Solution: Mobile Device Scans (iPhones, iPads, Androids etc.)

The purpose of this scan is to find out whether any given machine meets or fails the PCI-DSS requirements, enabling Admins to quickly take remediation action. The reports are aligned with the PCI-DSS framework.

Mobile / BYOD Scan Benefits

  • Tablet scans such as for iPads
  • Mobile device scans for Androids / iPhones
  • Complete Vulnerability Management for BYOD devices

Pentesting

We offer 5 types of Penetration Services which address all Security aspects of IT infrastructures. Tests (except for Wireless) are typically carried out remotely to simulate a potential Cyber attack from the Internet.

1. Network Penetration Testing

Do You Think Your IT Infrastructure is Secure?

OR DO YOU REALLY KNOW IT IS?

What would happen if a competitor stole critical digital information from you?
What sort of legal consequences could loss of customer data have for your business?
What would be the financial implications if your IT stops operating for 1 hour?
Did you know that 90% of all deployed IT systems worldwide have vulnerabilities?

NETWORK PENETRATION TESTING


Penetration testing, sometimes referred to as “Ethical Hacking”, is a security testing service that focuses on locating flaws in your networks, infrastructure and overall architecture (i.e. Servers and other Networking components). Tests involve active exploitation of vulnerabilities.



Benefits of a Penetration Test

  • Gives you a full picture of your security exposure
  • Discover vulnerabilities in IT Security
  • Get advice on how to close discovered vulnerabilities
  • Stay compliant with government & industry laws
  • Protect your business operations
  • Allows you to enhance IT security efficiently
  • Helps you manage risk
  • Helps you develop / re-develop a security strategy

2. Web Application Penetration Testing

Web applications have become increasingly vulnerable to different forms of hacker attacks. According to a Gartner Report, 75% of attacks today occur at the application level. A Forrester survey states that “people are now attacking through applications, because it’s easier than through the network layer.”

Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shut down websites and servers and defraud businesses, as well as introduce serious legal liability without being stopped or, in many cases, even detected.

WEB APPLICATION PENETRATION TESTING

More than 70% of all technical attacks are aimed at the Application layer. This service examines your web applications from a coding and implementation flaw perspective, but also looks at other issues like SQL injection and cross-site scripting, involving active exploitation of vulnerabilities.



Benefits of a Web App Penetration Test

  • Gives you a full picture of your security exposure
  • Discover vulnerabilities in Web Applications
  • Get advice on how to close discovered vulnerabilities
  • Stay compliant with government & industry laws
  • Protect your business operations
  • Allows you to enhance IT security efficiently
  • Helps you manage risk
  • Helps you develop / re-develop a security strategy

3. Wireless Penetration Testing

What are Wireless Security Audits?

A Wireless Security Audit is a method of evaluating all Wifi or Bluetooth Security aspects of networks by simulating attacks against authentication, encryption or becoming a “man-in-the-middle” attacker. The same tools, know-how and methodologies are used as malicious hackers would employ.

The difference from a real attack is that testing is done with the explicit written consent of the client, and the purpose is to produce a comprehensive report and to close down security holes before a real attacker can exploit them.

As of summer 2014, we have managed to break into 90% of our customer systems through Wireless. Wifi is used in almost any business and can open all doors to attackers, because Wireless Networks expose the company network beyond its premises and an attacker may be hundreds of yards away!



Why Wireless Security Audits?

  • What would happen if sensitive and critical data were stolen by a competitor?
  • What would be the legal consequences if your customer data were stolen?
  • What would be the financial impact of an hour of network downtime due to an attack?
  • Have you already fallen victim to an attack (knowingly or unknowingly)?

Who Should Get a Wireless Security Audit?

  • Businesses who use IT systems of any kind and hold confidential data
  • Businesses who don’t want lawsuits from clients when data has been stolen
  • Businesses who have fallen victim and don’t want to wait for the next attack
  • Businesses who must comply with Industrial and/or Government Compliance regulations
  • Businesses who have heard that competitors already had to face a Cyber attack
  • Businesses who understand that pro-active security is a lot cheaper than re-active

4. Mobile Application Penetration Testing

Mobile Applications for smartphones are becoming ever more popular these days, from application utilities to games with in-app purchase options. iPhones, Androids and the like are part of our daily lives. The market for Mobile Applications is seeing exponential growth and whilst those Apps make us more productive and flexible, the security element is often neglected and widely underestimated.

We provide full Mobile Application Penetration Tests and follow a strict OWASP testing cycle to uncover flaws:

  • Encryption and communications with the main web app (web service, etc)
  • Full Application Traffic Analysis
  • Code Signing and Memory Protections
  • Runtime Analysis
  • Insecure Data Storage Analysis
  • Fuzzing the Application
  • Exploiting the Application


Benefits of a Mobile App Penetration Test

  • Gives you a full picture of your security exposure
  • Discover vulnerabilities in Mobile Applications
  • Get advice on how to close discovered vulnerabilities
  • Stay compliant with government & industry laws
  • Protect your business operations
  • Allows you to enhance IT security efficiently
  • Helps you manage risk
  • Helps you develop / re-develop a security strategy

5. Social Engineering

What is Social Engineering?

Social engineering, in the context of information security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. The difference from a real attack is that testing is done with the explicit written consent of the client, and the purpose is to produce a comprehensive report and to close down security holes before a real attacker can exploit them. As of summer 2013, we managed to break into 99% of our customer systems employing social engineering techniques.


Why Social Engineering?

  • Does the best IT Security really help, if employees give out sensitive information?
  • Do employees click on links if they seem to get an email from a co-worker / manager?
  • Can employees be tricked over the phone when an attacker impersonates someone?
  • Is the physical security weak? Can attackers dumpster dive? Is tailgating possible?
  • Are non-technical users educated around Social Engineering threats?

Who should be Social Engineering tested?

  • Businesses who use IT systems of any kind and hold confidential data
  • Businesses who don’t want lawsuits from clients when data has been stolen
  • Businesses who have fallen victim to an attack and don’t want to fall victim again
  • Businesses who must comply with Industrial and/or Government Compliance regulations
  • Businesses who have heard that competitors already had to face a Cyber attack
  • Businesses who understand that being pro-active is cheaper than being re-active

How often should a Social Engineer Test be done?

A full audit should at least be done once and the results should flow into a company Security Policy. We also recommend regular user education workshops, which we also provide.

How is the Service charged?

We charge based on the number of employees and the number of tests to be done. Please contact us and we will provide you with a free consultation call.

Social Engineering Audit Services

During a Social Engineering Audit, we perform tests in person, via the phone and electronically (computer based). We gather a lot of information up-front through online information gathering. We use Social Media tactics to gain trust from employees to later exploit that trust. We impersonate sources of authority and use a variety of techniques such as:

  • Phone based social engineering incl. Caller ID and SMS spoofing
  • Sending crafted emails which seem to come from a superior with a call to action
  • Getting employees to visit fake websites which may infect their machines
  • We perform social engineering in person to gain access to confidential information

Cyber Intel

Background

The current response to cyber criminality is to ‘put out fires.’ By that we mean that the world is in reactive mode, responding to attacks, cleaning up the aftermath then preparing for the next threat. This has created an unbroken cycle and there needs to be a step change in the approach in how we ‘police’ IT networks and company infrastructure if we are to regain the initiative with regards to cyber criminality.

Our mission

We proactively assist clients in cyber crime prevention and investigation by introducing a step change in how we respond to cyber attacks and shift emphasis from fire brigading the technical aspects to identifying threats proactively.

Our Cyber Intelligence Service

We offer an intelligence service to the private sector by proactively monitoring and reporting activity in cyber space, which concerns the client’s interests. We turn all intelligence into an informational product delivered on either monthly or quarterly basis.

We gather intelligence by use of the following means:

  • Technical Cyber Threat feeds incl. Botnets, attack sources, malware, trends etc.
  • Observation and Monitoring of underground hacking groups / chat rooms
  • Monitoring Information on the Dark/Deep Web relevant to the client
  • Activity monitoring on Social Media concerning client’s interests
  • Intentional and unintentional client information disclosure online
  • Information gathering on groups / individuals posing a potential risk to client’s interests

Deliverables

Reports are delivered either on a monthly or quarterly basis and contain detailed information on threats and potential threats to the client business. Should we encounter imminent threats, we will inform the customer immediately. All intelligence reports contain recommendations on how to mitigate threats encountered and provide detailed information on threat sources for potential legal action and law enforcement involvement against the individual(s) / group(s) posing a risk.

We are a Private Intelligence Service which delivers Intel to clients in the same manner a state intelligence agency provides information to the government concerning national interests.

Testimonials

  • Our experience with Cyber51 has been highly satisfactory. We always expect the highest levels of service and commitment, and we are pleased to say that Cyber51 exceeded our expectations. We found the staff to be professional, reliable and efficient, and we greatly appreciated Cyber51’s detailed explanation of the vulnerability test results. We are happy to do business with Cyber51 and would recommend its services to others.

    Darnell Andrusakin - InterGlobal Communication Group
  • Cyber-51 provided us with a professional, efficient and reliable service from the off. We would not hesitate to recommend them to anyone in our field and will definitely be using their services in the future.

    Jamie Zammitt - Sovereign Trust (Gibraltar) Limited
  • Gentlemen, I wanted to send you my thanks for all the recent work you guys have completed for my financial industry clients over the past several months. Not only were the jobs completed in a timely manner, the precision and dedication you put into each test is just remarkable. Cyber 51 has made Interactive Security LLC stand out far above the rest. I truly enjoy the way you approach every audit from a command line or old school way of testing and not just putting IPs into a program and running. Doing things this way is our approach as well and I feel you get better and more accurate results. It has been a pleasure doing business with you and I look forward to doing more business with you. Thank you for making Interactive Security LLC shine with its clients.

    Shawn C Corrigan - Interactive Security LLC - President
  • Cyber 51's security testing team were thorough, effective and very professional. We found their reports were very informative and the support we received from the security team was of the highest quality. We will definitely be using their services again in the future.

    Harvey Frey - Online Vouchers - Managing Director

CYBER 51 LLC

835 Engle Switch Road, Harpers Ferry,
WV 25425 USA

We'd really love to hear from you so why not drop us an email and we'll get back to you as soon as we can.
