CQR is a cybersecurity company that offers a range of services to help businesses protect themselves from cyber attacks. One of their key services is penetration testing, which is a simulation of a hacker’s actions to identify vulnerabilities in both external and internal information systems.
CQR’s penetration testing service follows a six-step process. The first step is Penetration Test Initiation, where the company and client sign an NDA and agreement, and work together to clarify the legal framework, testing method, and scope of the testing.
The second step is Reconnaissance and OSINT (Open-Source Intelligence), where the company collects and analyzes information from online search engines and public sources. This includes investigating email addresses, usernames, and associated accounts on external resources, as well as performing a reverse DNS lookup, scanning ports, analyzing traffic, finding subdomains, determining the technologies used, and more.
The third step is Threat Modeling, where the company identifies targets and potential attack vectors, as well as conducts an in-depth analysis of the data obtained during the reconnaissance and OSINT stage. This includes structuring probable threats into internal (employees and management, partners and suppliers) and external (web applications, open ports, network protocols and traffic), and using automatic scanning tools such as their own CryEye platform.
The fourth step is Exploitation, where the company determines the possibility of further exploitation of confirmed vulnerabilities, and simulates a real attack from a potential hacker. Depending on the needs of the customer, such attacks can be carried out on web applications, networks or Wi-Fi, hardware, social engineering, zero-day vulnerabilities, and more.
The fifth step is Risk Analysis, Recommendations, and Clearing Traces, where the company performs a risk analysis, structures the detected vulnerabilities, and develops recommendations on how to fix them. They then remove temporary files, created accounts, elevated privileges, and other traces of infrastructure or application pen testing, returning the system to its original configuration, or pass information about any significant changes to the customer.
The final step is the Report, where the company provides a detailed structured report on the methods used to identify vulnerabilities and exploit them, evidence in the form of data obtained by them, steps to reproduce, and screenshots. The report also includes their suggestions for improving the existing security system to protect the client from cybercriminals.
CQR offers three types of penetration testing: black box, white box, and gray box. Black box testing involves the company only providing their name or website address, and not providing any additional information about their system’s IT infrastructure or IP addresses. White box testing involves the company providing all necessary data about the infrastructure, including administrative access to all servers and other information related to the test object. Gray box testing involves the company telling CQR only some of the initial parameters of the test object, and may require additional information from the client during the testing process.
CQR also offers external and internal penetration testing, as well as Wi-Fi hotspot testing. Their Active Directory Audit uses their own methodology and individual approach to building an attack plan. CQR’s team of experts are regularly certified and trained in cybersecurity, and they use unique methodologies and full automation to identify vulnerabilities using their CryEye engine, which includes more than 1500 audits.
In addition to their penetration testing services, CQR also offers other cybersecurity services, including blue team, red team, and other services. Their CryEye platform is a complete, automated, and multifunctional platform that manages projects and finds technical vulnerabilities in them. It covers all potential vulnerabilities that can be detected automatically, which saves time for specialists, allowing them to focus more on finding more complex vulnerabilities through manual analysis.
Overall, CQR is a cybersecurity company that is committed to helping businesses protect themselves from cyber attacks through their range of services, including penetration testing and Active Directory audit.