- HOME
- PROFILE
- GLOBAL THEMES
- SOLUTIONS
- INDUSTRIES
- PRODUCTS
- Hidden Menu
- Brand Overview
- Services Overview
- E-SPIN Product Line Card
- E-SPIN Ecosystem World Solution Portfolio Overview
- GitLab (DevOps, DevSecOps, VSM)
- Hex-Rays (IDA Pro, Hex-Rays Decompiler)
- Immunity (Canvas, Silica, Innuendo)
- Parasoft (automated software testing, AppSec)
- Tenable (Enterprise Vulnerability Management)
- Veracode (Application Security Testing)
- Cybersecurity, App Lifecycle, AppSec Management
- Infrastructure, Network, Wireless, Cloud Management
- Platform products
- Hidden Menu
- e-STORE
- CAREERS
- BLOG / NEWS
- CONTACT
Pentesting
Penetration Testing
Penetration testing, or known as a pentest or ethical hacking, for enterprise ICT security assessment context refers to an internal or appointed external party to perform authorised simulated cyberattack based on the pre agreed scope of ICT infrastructure, system or application asset, to evaluate the extent of the cyber exposure. Some of the tools for performing typical vulnerability assessment will be used to perform initial phases for identifying weaknesses (potential vulnerability) to determine where to focus on the penetration testing (usually involved use specialised penetration testing tools or red team tool).
Depending on the scope of the pentest engagement, it can be white box (where background information is given in advance to the tester) or black box (only basic information is given), or gray box (a combination of white and blackbox).
A professional carry penetration test can be helpful to identify an infrastructure, system or application vulnerabilities that is exploitable, and provide insight into attack vector and path for enterprise to carry out mitigation, to block, to patch, to fix any validated exploitable vulnerability to be carried out.
Depending on the country, sector and industry, some are mandatory to at least to appoint and engage a 3rd party to perform penetration testing (pentest) on a regular schedule, and after system changes for regulatory compliance.
Product
Immunity Canvas
Immunity CANVAS or simply just CANVAS, is one of the top and leading commercial security assessment tools (SAT) allowing penetration testing, hostile attack simulations and exploit research and development. CANVAS is a suite of pentesting including reliable development and testing framework, comes with hundreds of exploits ready to be used sort by different use case category, and exploits library extendability to penetration testers and security professionals worldwide. One uniqueness of Canvas is it allows 3rd party exploitation packs to expand the private zero-days exploits known as Canvas exploitation pack (CEP) to make each pentesting system licensed tailored for the respective users needs and requirements.
For red team operations, a unique feature called Canvas Strategic can be activated for over two users and license to collaborate for at least one commander and one operator to perform red team operations, typically involving more pentesters users and require mobilizing one common campaign objectives and target under the commander leadership.
Feel free to contact E-SPIN for your project and licensing requirement.
Product
Immunity Silica
Immunity SILICA is a wireless security vulnerability assessment and penetration tool, purpose built and let wireless penetration testers focus on wireless pen testing projects, from scanning wireless networks and WiFi-enabled devices, as well as integrating a large number of WiFi specific attacks with a user friendly graphical interface.
SILICA is developed and designed to determine the true risk of Wireless networks, from WiFi access point, attempting to leverage vulnerabilities and determining what accesses behind the vulnerable access point can be compromised.
Since it is purpose built for wireless pen testing, a highly automated one-button interface for many of the actions is implemented. Typical wireless pen testing include WEP/WPA Cracking attacks to Key Reinstallation Attack (KRACK) - a man-in-the-middle attack, setup evil twin fake access point and intercept all connected wireless client, Kr00k Attack to exploit common Broadcom chipsets vulnerability, EAP Relay attack, client-side injection attack, SSL Stripping and Spoofing attack, service impersonation attack, Karma attack, Fake captive portal attack, executable replacement attack, Apple EAP-success attack, malicious AP detection, is some of the common wireless pen testing tasks can easily accomplish with the product.
Product
Immunity Innuendo
Immunity INNUENDO is a sophisticated post-compromise implant framework that models advanced data exfiltration attacks on your enterprise. It is an advanced penetration testing tool for modelling advanced attackers, based on a flexible, modular architecture, and offers nation-grade advanced attack capabilities to commercial penetration testing teams.
INNUENDO can be deployed entirely from memory via an Immunity CANVAS exploit, a post-exploitation CANVAS module, or from another INNUENDO instance. INNUENDO can run as an injected DLL or as its own process.
INNUENDO can behave in many different ways on your network. It models a wide variety of exfiltration methodologies and covert networking tactics, to test whether your network security and intrusion detection investment is performing the way it should be.
Product
Core Impact
Core Impact is one the top leading commercial pen testing tools. It is purpose craft and designed to be as comprehensive and multi-vector driven for security professionals assessing and testing security vulnerabilities throughout their enterprise.
Core Impact is designed to be used by a dedicated team of threat researchers, exploit writers and pentesting professionals in mind and ease their job workload. Core Impact also supports third party exploit packs. It is a Microsoft Windows platform based solution that is required to install in Microsoft Windows. It can exploit a variety of target OS, from AIX, Linux, Mac OSX, Windows, SCADA, to name a few.
Product
Cobalt Strike
Cobalt Strike is a commercial adversary simulations and red team operations tool. Cobalt Strike gives you a post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer’s network.
Cobalt Strike is threat emulation software. It is not a compliance testing tool, the focus is on red team activity. Red teams and penetration testers use Cobalt Strike to demonstrate the risk of a breach and evaluate mature security programs. In 2020, Cobalt Strike was acquired and is now under Core Security portfolio.
Product
Metasploiot Pro
Metasploit Pro is one the leading commercial pen testing solutions, designed for enterprise security and penetration testers. It allows you to test by simulating attacks on your network to uncover security issues. It is also typically used to validate vulnerabilities from vulnerability scanner report vulnerability.
Metasploit Pro is for users who prefer to use a web interface for pen testing. Unique features available in Metasploit Pro not in Metasploit Framework include task chains, social engineering, vulnerability validations, GUI, quick start wizards, Nexpose integration (vulnerability scanner product by Rapid7).
Value
E-SPIN & Pentesting and Ethical Hacking
E-SPIN has been active in both vulnerability assessment and penetration testing (VAPT) supply for enterprise customers since 2005. Be it part of enterprise threat and vulnerability management use case, for supply world class commercial penetration testing suite of system to private zero-days vulnerability exploitation pack for ethical hacking, to assist government customers for the hassle and complex US export control and license application paperwork with relevant agencies until proper and legally to license various world class penetration testing suite, system and related exploitation for ethical hackers among corporate internal penetration tester, red team operation, to external security consultant and licensed penetration tester.
Each penetration testing suite vendor may change owner due to takeover or acquisition along the year, E-SPIN continues without disruption to make supply for serious enterprise customers, be it national government authority, pentesting services firm to listed corporations who need to access it for carry out project and operation requirements. Feel free to contact E-SPIN for your project and requirement inquiry.
D2 Exploitation Pack for CANVAS. Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow
Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it
Immunity CANVAS for Penetration Testing and Red Team Operations. Immunity CANVAS is world leading commercial security assessment tools (SAT) allowing penetration testing, hostile attack simulations and exploit research and development. CANVAS for Penetration Testing Immunity CANVAS or simply just CANVAS, is one of the top and leading commercial security assessment tools (SAT) allowing penetration testing, hostile
Immunity CANVAS Latest Build and Release, all in single post. This is a very common ask and keep update post, latest on top, and old just behind the latest information. Instead of creating multiple posts on different dates, we combine all in one, easy for reference for the same edition and build history and feature
In the digital economy since the 1990s the internet started to boom, cell phone technology transformed to smartphones. Modern smartphones, regardless of iOS power or Android OS based, are the de facto world standard. As more and more people use smartphones and as you can see, its sales are outperforming the traditional pc and even
Attack surface management (ASM) this few years is gaining momentum, as it provides a fresh new approach to security from the attacker’s perspective. As the market starts to realise reducing attack vectors is not practical to cope with modern challenges. In the IT field, it is very common for a couple of years to change
Core Impact Latest Release and Update post is specially dedicated to this Core Security powerful Penetration Testing software, Core Impact which are designed to ease security team in conducting advanced penetration. Please read in reverse order, if you interest from the old to latest manner as the latest release note and build always increment update
What is Core Impact? Core Impact is a penetration testing software that empower the security team to safely identify and exploit security weaknesses. It applies the same techniques as today’s threat actors or adversaries to efficiently test your IT infrastructure. With Core impact, organisations are able to discover, test, and report through a few simple
Immunity SILICA for Wireless Infrastructure Penetration Testing. Immunity SILICA is world leading commercial wireless security assessment tools (SAT) allowing penetration testing, hostile attack simulations target wireless infrastructure. SILICA is Wireless Penetration Testing Tool Immunity SILICA is a wireless security vulnerability assessment and penetration tool, purpose built and let wireless penetration testers focus on wireless pen
Microsoft Windows Zero-Day Vulnerabilities Attack and Impact, continue to draw market awareness, due to the fact, they remain the most used and absolute market leader in the operating system. If you are the offensive hacker, are you targeting the over 80% market share operating system or someone will lesser? The logic behind it is still
In conjunction with the E-SPIN 16th anniversary celebration, E-SPIN pleased to organize a seminar event focused on the cyber kill chain mythology and how it applies to red team operations process and framework. This event focuses on methodology, framework and processes, and at a high level dimension, regardless of whatever penetration testing and red team