External Network Pentest

• Assessing an organization's security from the outside looking in
• Methodology focuses heavily on OSINT gathering
• Typically lasts 32-40 hours with another 8-16 hours for report writing

Internal Network Pentest

• Assessing an organization's security from inside of the network
• Methodology focuses heavily on AD attacks
• Typically lasts 32-40 hours with another 8-16 hours for report writing

Web Application Pentest

• Assessing an organization's web app security
• Methodology focuses heavily on web-based attacks and the OWASP testing guidelines
• Typically lasts 32-40 hours with another 8-16 hours for report writing

Wireless Pentest

• Assessing an organization's wireless network security
• Methodology depends on wireless type being used (guest vs WPA-PSK vs WPA2 Enterprise)
• Typically lasts 4-8 hours per SSID with another 2-4 hours for report writing

Physical Pentest & Social Engineering

• Assessing an organization's physical security and/or end-user training
• Methodology depends on task and goals
• Typically lasts 16-40 hours with another 4-8 for report writing