CATSCAN®: Comprehensive Vulnerability Assessments and Penetration Testing
CATSCAN® is our cutting-edge, fully remote service that combines human expertise with AI-assisted techniques to deliver in-depth vulnerability assessments and penetration testing. We provide a seamless solution that identifies and exploits both internal and external vulnerabilities, offering a complete view of your organization's security posture.
How CATSCAN® Works
Delivered entirely over the internet, CATSCAN® integrates advanced manual techniques with AI-driven automation to thoroughly assess your infrastructure. Our experts perform comprehensive internal and external vulnerability scans, followed by targeted penetration tests to exploit weaknesses, all without needing on-site access.
Key Features of CATSCAN®
- Remote Delivery: Our service is fully remote, allowing assessments and penetration testing to be conducted efficiently and securely over the internet, minimizing disruption to your operations.
- Hybrid Approach: CATSCAN® combines the precision of manual human analysis with the speed and depth of AI-assisted enumeration, ensuring no vulnerability is overlooked.
- Internal & External Coverage: We assess vulnerabilities in both internal networks and external-facing systems, providing a 360° view of potential threats.
- Exploitation & Reporting: Vulnerabilities are actively exploited using real-world techniques to demonstrate the impact on your systems, followed by clear, actionable reports for remediation.
Why Choose CATSCAN®?
- Human Expertise + AI Power: Leverage the best of both worlds—human insight and AI technology—for faster, more accurate results.
- Comprehensive and Efficient: CATSCAN® covers every angle of your security posture, all delivered remotely, saving time and costs while ensuring thoroughness.
- Tailored Solutions: Each assessment is customized to meet the specific needs and risks of your organization, whether you’re focusing on internal threats, external attacks, or both.
- Actionable Insights: We provide detailed reports with prioritized vulnerabilities and expert recommendations, so you can take immediate steps to improve your security.
Secure Your Organization with CATSCAN®
Protect your organization from potential threats with CATSCAN®, our fully remote, AI-enhanced vulnerability assessment and penetration testing service. Contact us today to learn how we can help you stay ahead of cyber risks and secure your digital assets.
Scoping Questions
External Penetration Testing
- Active Hosts/IPs: Please provide the approximate number of active hosts/IPs exposed to the internet across office, datacenter, and cloud infrastructure.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Controls: Are there any existing security controls (e.g., WAF, IDS/IPS) that we should be aware of?
Internal Penetration Testing
- Internal Environment Size: Please provide the approximate size of the internal environment across all offices, datacenters, and cloud infrastructure, including the number of network-connected systems (endpoints, servers, infrastructure). Approximate numbers are acceptable (e.g., 100, 250, 500, 2000).
- Number of Employees: How many employees are there in the organization?
- Testing Restrictions: Are there any day/time restrictions for the testing to be conducted?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Onsite Requirement: Our standard engagement is performed remotely via a supplied virtual machine or hardware. Please specify if onsite presence is a requirement for this project.
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Policies: Are there any internal security policies or procedures we should be aware of?
Social Engineering Campaign - Call for pricing
- User Count: Please provide the approximate number of users that would be part of the campaign(s).
- Campaign Types: Would you like to use multiple types of campaigns for different departments?
- Phone-Based Campaign: Would you like to include a phone-based social engineering campaign?
- Target Discovery: Would you like us to do target discovery, or will a target list be provided?
- Specific Scenarios: Are there any specific scenarios or high-value targets you want to focus on?
Web Application Assessment - Call for pricing
- Application Details: Please provide the name and, if available, the URL of the application.
- Functionality Description: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Input Pages: Approximate number of user input pages.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Are there any publicly facing APIs? If so, can you provide API documentation? If documentation is not available, please provide an approximate number of API endpoints.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Source Code/Logs: Can access be provided to the application source code and/or logs? While not required, access to code and logs can improve coverage and accuracy of the assessment.
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Specific Standards: Does this application require an OWASP ASVS Cloud Application Security Assessment?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Mobile Application Assessment - Call for pricing
- Application Details: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Please provide the documentation for the APIs the mobile app uses, if available, or the number of API endpoints.
- Mobile Platform: What is the mobile application platform (iOS and/or Android)?
- Certificate Pinning: Does the application use certificate pinning? If so, can a debug build be provided to allow for data transmission analysis?
- App Build: Can you provide an application build outside of the native app store (APK/IPA application file for Android and IPA build for x86 iOS simulator)?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Web Application Assessment with Mobile App - Call for pricing
- Application Details: Please provide the name and, if available, the URL of the application.
- Functionality Description: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Input Pages: Approximate number of user input pages.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Are there any publicly facing APIs? If so, can you provide API documentation? If documentation is not available, please provide an approximate number of API endpoints.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Source Code/Logs: Can access be provided to the application source code and/or logs? While not required, access to code and logs can improve coverage and accuracy of the assessment.
- Mobile Platform: What is the mobile application platform (iOS and/or Android)?
- Certificate Pinning: Does the application use certificate pinning? If so, can a debug build be provided to allow for data transmission analysis?
- App Build: Can you provide an application build outside of the native app store (APK/IPA application file for Android and IPA build for x86 iOS simulator)?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
AWS Configuration Review - Call for pricing
- AWS Accounts: How many AWS accounts are in scope?
- Account Management: Are you using AWS Organizations (ORGs) or is there another way these accounts are centrally managed?
- EC2 Instances: Approximately how many EC2 instances are there within each tenant?
- IAM Roles: How many IAM roles exist across all accounts?
- VPCs: How many VPCs are there within each tenant?
- Custom IAM Roles: Approximately how many custom IAM roles are in scope?
- Public IPs: How many public-facing IPs are there?
- Serverless/API Services: Are you utilizing AWS API Gateway, Lambda, Cognito, ECS, or any other AWS "serverless"/API offering?
- RDS Instances: Are there any RDS instances (AWS managed database)?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Azure/Microsoft365 Configuration Review - Call for pricing
- Tenants: How many Azure/Microsoft365 tenants are in scope?
- Licenses: Please provide the type and approximate number of Azure/Microsoft licenses in use within each tenant.
- Infrastructure: Apart from Azure AD, is there any infrastructure in use within the Azure tenant? If so, please provide details.
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Wireless Assessment - Call for pricing
- Physical Locations: Provide a listing of all physical locations that are in scope for the wireless physical test. For each location, please include:
  - Address or city, state.
  - Type (office building, factory, campus, plant).
  - Approximate size in square feet, number of floors, etc.
  - Approximate number of employees at the location.
  - Number of SSIDs at the location.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Policies: Are there any internal security policies or procedures we should be aware of?