Objective-Based Penetration Testing (OBPT)

The Objective-Based Penetration Test is a bundle that’s offered on top of our thorough Infrastructure Penetration Testing service offering. It adds context and specific testing that makes it much more comprehensive. You set objectives (such as access to your most critical data or domain admin), and our ethical hackers will provide the attack narrative of how it was achieved. It’s a comprehensive penetration test that incorporates adversary simulation.

What you will get:
  • Social engineering scoped to your preferences (phishing, vishing, tailgating, device drops)
  • Active directory assessment to identify weaknesses in passwords and configurations
  • Ransomware assessment that will identify impacts of a ransomware attack with the current configuration and security controls
  • A thorough penetration test across your infrastructure
Secure Information

Approach an objective from all angles to ensure that information remains secure.

Accurate Simulation

We simulate the attacks launched by a malicious party, both internally and externally.

Detailed Report after Testing Period

Attack narratives outline how a particular objective was obtained.

Strategic Security Recommendations

High-level assessment with recommendations to improve security posture.

Most frequent questions and answers - OBPT

An objective-based penetration test begins with a comprehensive, coverage-based infrastructure penetration test. It layers on additional components to round off the assessment, and make it far more realistic and thorough to ensure we actually move the needle on security. The objective-based penetration test includes Infrastructure Penetration Testing, an Active Directory Password Audit, Active Directory Bloodhound Audit, e-mail phishing, advanced simulation of your top five objectives (e.g., obtain access to ERP, obtain administrative control over the target network, etc.) and more.

We recommend the objective-based penetration test as the initial approach for most organizations because it helps prioritize your path to low risk across people, processes and technology. It also helps evaluate the responsiveness of your blue team!