REDSEC Logo White

Offensive Security Experts

Let us find your faults first.

Click Here to Receive a Free REDSEC Consultation

Expert Professionals

with years of experience working in and with the public and private sector. 

Efficient Testing

that won’t disrupt business and can take place remotely or in person.

Exacting Reports

to ensure you don’t just know about your problems, you can solve them.

New call-to-action

Our Process

Our team of highly trained operators leverage the most effective real-world tactics, techniques, and procedures available today. There’s no such thing as a standard penetration test or vulnerability scan. We’ll help you plan offensive testing that flexes to your business needs. NuHarbor offers Infrastructure Penetration Testing, Phishing Attack Assessments, Source Code Review, Vulnerability Scanning, Web Application Penetration Testing, and Wireless Penetration Testing, all delivered remotely or onsite. You may have been tested before, but not like this. Let us find your faults first.

REDSEC’s skilled Operators performed an external penetration test on our networks and alerted us to critical vulnerabilities. They let us know what the affected response might be from the host before they tried to exploit it. We were updated twice a day which was super helpful to me and my staff. They also provided great remedial guidance that helped us quickly correct vulnerabilities.

IT DirectorHospitality Company

Our company subcontracted the writing of our source code to a well-known web development company, so when the REDSEC Team did a Source Code Review, we were astonished at the findings they uncovered. It was an uneasy feeling knowing that the web developer company we hired left so many security flaws in our code. I can’t say enough how great and comforting it was to have the NuHarbor REDSEC team give us some great recommendations to fix our source code.

FounderSoftware Application

REDSEC waged a phishing campaign against our employees by mirroring a realistic payroll website that we use in our company. The REDSEC Operators captured several IT Administrator’s credentials. With Domain Administrator access, they were able to compromise our whole domain within 20 minutes after starting the phishing campaign. We had the opportunity to show our leadership how pertinent it is to implement User Security Awareness training and build the funds into our annual IT Security budget.

DirectorService Provider

We have utilized the NuHarbor REDSEC Operators for a few years now to conduct our quarterly vulnerability assessments. Our usual policy is to change vendors every few years, but we have had exceptional service from NuHarbor that we see no need to shop around. The reports we receive are tremendously comprehensive, containing hundreds of pages of descriptions of the vulnerabilities, affected hosts, and solutions along with outside references.

CISOFinance Institution

The NuHarbor REDSEC Operators performed a web application penetration test on a few of our web applications. They discovered some Insecure Direct Object Reference (IDOR) critical vulnerabilities and notified us immediately. With the weaknesses they found, they were able to gain access to secure content. We didn’t realize our admin application server was exploitable. Their skilled engineers provided remediation guidance to close the vulnerability

DirectorState Government

Wifi. Yeah, that’s an unfamiliar animal to deal with. We hired the REDSEC team to test the Wireless Networks we provide for our employees and customers. The REDSEC Operator came onsite and setup their “Toolkit” with antennas sticking out all around, it was scary to look at. The REDSEC Operator was able to set up a Rogue Access Point, mimicking our Access Points. Users would unknowingly log on to the Rogue Access Point and the REDSEC Operator initiated an Evil Twin Attack to capture and inject packages into the network stream between the user’s computers and other systems.

DirectorRetail Business

Our Services

Infrastructure Penetration Testing

Perimeter infrastructure isn’t as porous as it used to be. In our experience, most infrastructure security threats stem from misconfiguration and human oversight. Automated testing can’t find these common errors, but our veteran operators have you covered.

Phishing Attack Assessments

Modern attackers exploit this to target organizations via highly-sophisticated phishing campaigns. We’ll help you craft a custom phishing campaign to test the human element within your network. Get the statistics you need to inform decisions and secure your network.

Web Application Penetration Testing

Many applications simply present database views to the internet. Need assurance that there’s no back door into the whole dataset? Let us discover the flaws first.

s

Vulnerability Scanning Services

Don’t let vulnerability scanning burden your team. If your scans are taking too long, you’re struggling to prioritize vulnerabilities, or you’re looking for a scan to meet compliance needs, we can help.

Wireless Penetration Testing

Attackers have increasing interest in compromising corporate networks to gain a foothold within internal environments. NuHarbor’s engineers will find the holes in your network before someone else does.

RAVEN

Remote Assessment Vulnerability Exploitation Node

The RAVEN allows NuHarbor operators to remotely simulate offensive actions against your system just as if they were onsite. RAVEN is the next best thing to having one of our operators on-premises.

 

  • Secure and convenient
  • Lower profile and fewer logistics than onsite staffing
  • Easier scheduling
  • Allows for testing at multiple sites and remote access for all offensive security activities
  • Device is mailed in a ruggedized case and only needs power and network to operate
  • Allows for testing with travel and work restrictions related to COVID-19