Offensive Security Experts
Let us find your faults first.
with years of experience working in and with the public and private sector.
that won’t disrupt business and can take place remotely or in person with the same effect.
to ensure you don’t just know about your problems; you can solve them.
REDSEC’s experienced professionals help you take your security to the next level. There’s no such thing as a standard penetration test or vulnerability scan. We work with you to plan testing that flexes to your business needs. REDSEC offers Infrastructure Penetration Testing, Phishing Attack Assessments, Source Code Review, Vulnerability Scanning, Web Application Penetration Testing, and Wireless Penetration Testing. All of our services can be remote or on site. You may have been tested before, but not like this. Rely on REDSEC to find your faults first.
REDSEC’s skilled Operators performed an external penetration test on our networks and alerted us to critical vulnerabilities. They let us know what the affected response might be from the host before they tried to exploit it. We were updated twice a day which was super helpful to me and my staff. They also provided great remedial guidance that helped us quickly correct vulnerabilities.
Our company subcontracted the writing of our source code to a well-known web development company, so when the REDSEC Team did a Source Code Review, we were astonished at the findings they uncovered. It was an uneasy feeling knowing that the web developer company we hired left so many security flaws in our code. I can’t say enough how great and comforting it was to have the NuHarbor REDSEC team give us some great recommendations to fix our source code.
REDSEC waged a phishing campaign against our employees by mirroring a realistic payroll website that we use in our company. The REDSEC Operators captured several IT Administrators’ credentials. With Domain Administrator access, they were able to compromise our whole domain within 20 minutes after starting the phishing campaign. We had the opportunity to show our leadership how pertinent it is to implement User Security Awareness training and build the funds into our annual IT Security budget.
We have utilized the NuHarbor REDSEC Operators for a few years now to conduct our quarterly vulnerability assessments. Our usual policy is to change vendors every few years, but we have had such exceptional service from NuHarbor that we see no need to shop around. The reports we receive are tremendously comprehensive, containing hundreds of pages of descriptions of the vulnerabilities, affected hosts, and solutions along with outside references.
The NuHarbor REDSEC Operators performed a web application penetration test on a few of our web applications. They discovered some Insecure Direct Object Reference (IDOR) critical vulnerabilities and notified us immediately. With the weaknesses they found, they were able to gain access to secure content. We didn’t realize our admin application server was exploitable. Their skilled engineers provided remediation guidance to close the vulnerability.
Wifi. Yeah, that’s an unfamiliar animal to deal with. We hired the REDSEC team to test the Wireless Networks we provide for our employees and customers. The REDSEC Operator came onsite and set up their “Toolkit” with antennas sticking out all around, it was scary to look at. The REDSEC Operator was able to set up a Rogue Access Point, mimicking our Access Points. Users would unknowingly log on to the Rogue Access Point and the REDSEC Operator initiated an Evil Twin Attack to capture and inject packages into the network stream between the user’s computers and other systems.
Infrastructure Penetration Testing
Perimeter infrastructure isn’t as porous as it used to be. In our experience, most infrastructure security threats stem from misconfiguration and human oversight. Automated testing cannot find these common errors. Our veteran engineers have you covered.
Phishing Attack Assessments
Modern attackers exploit this to target organizations via highly sophisticated phishing campaigns. We test the human element within your network. Our engineers work with you to craft a custom phishing campaign. Get the statistics you need to inform decisions and secure your network.
Source Code Review
If you’re looking for a security review of your application code, we have cost-effective solutions to help.
Vulnerability Scanning Services
Don’t let vulnerability scanning burden your team. If your vulnerability scans are taking too long, you are struggling to prioritize vulnerabilities, or you are looking for a scan to meet compliance needs, we have options to help.
Web Application Penetration Testing
Many applications simply present database views to the internet. Need assurance that there’s not a back door into the whole dataset? You want us to discover flaws before someone else does.
Wireless Penetration Testing
Attackers have increasing interest in compromising corporate networks and gaining footholds within internal environments. NuHarbor’s wireless network penetration testing engineers find the holes in your network before someone else does.
Prior to joining NuHarbor Security, Martin spent several years as a web application developer before discovering that breaking web applications was a better fit. He holds a B.S. in computer science and has competed in the Collegiate Cyber Defense Challenge at the national level. In his free time, Martin enjoys hiking and biking around the world (literally).
Mackenzie is a Web Application Penetration Tester at NuHarbor Security. She has been a part of two NuHarbor teams: both Information Assurance and REDSEC. She is passionate about all aspects of security and has degrees in both Cybersecurity and Digital Forensics. When not in the office, she’s usually aimlessly wandering around Vermont or spending way too much time on Twitter.
A self-confessed coffee junkie and pepper head, Eric has been working with NuHarbor Security as an Operator since its early years. He has over 20 years of experience writing ~~bugs~~ software and working with various technologies. He enjoys reverse engineering software and taking just about anything apart. With enough coffee, you can do just about anything, which he recently proved by obtaining his OSWE certification.
Sonya leverages her past experience to hunt for vulnerabilities both externally and internally. Prior to joining REDSEC at NuHarbor Security, she held career positions as an Information Technology instructor, Network Administrator, and Senior Systems Administrator. She served as a member of the Vermont Army National Guard Critical Infrastructure Team. She participated in several regional and national cyber security exercises with various government and civilian entities. In her spare time, she enjoys spending time with her family, watching horror movies, and putting up with her husband’s crazy antics.
Randy is an experienced Offensive Operator with over 15 years of technical expertise in the Information Security space. Over the course of Randy’s career, he has developed and supervised penetration testing and red team operations for both private-sector and government clients. As a member of the U.S. Army, Randy served in numerous technical roles within the Cyber Operations realm. When not helping clients discover their security shortcomings, Randy enjoys spending time with his family and coaching youth hockey.
Kyle joined NuHarbor in the very early days; picture a single table for the entire Crew. He founded the offensive cyber operations arm at NuHarbor Security. He has consulted with hundreds of organizations, assisting them with all aspects of information security, from controls assessments to defensive operations and security architecture design. To this day, he works closely with the REDSEC team to improve the TTPs and offers a unique blend of technical know-how and business sense during the team’s engagements.
Remote Assessment Vulnerability Exploitation Node
The RAVEN allows our REDSEC team to remotely simulate offensive actions against your system just as though they are on site. RAVEN is the next best thing to having one of our operators on premises.
- Secure and Convenient
- Lower profile and less logistics than on site staffing
- Easier scheduling
- Allows for testing at multiple sites
- Allows for remote access for all of REDSEC’s offensive security activities
- Device is mailed in a ruggedized case and only needs network and power to operate
- Allows for testing with travel and work restrictions related to COVID-19