
02 / PENETRATION-TESTING

Cybersecurity

Penetration Testing

We attack your systems before someone else does.

We simulate real attacks against web apps, APIs, mobile, cloud and on-premise infrastructure. Every test produces vulnerabilities prioritised by business risk with guided remediation.

  • OSCP: all testers certified
  • 100%: reproducible PoCs
  • + retest: always included

§ A

Overview

A well-run penetration test isn't an automated scan with a PDF attached. It's an offensive intelligence exercise run by certified specialists (OSCP, OSWE, CRTO) who combine tooling, manual research and creative exploitation to find what scanners miss.

We follow the OWASP, PTES and NIST SP 800-115 methodologies and produce reports that both the CISO and developers can use, with reproducible PoCs and verified fix guidance.

§ B

What's included

  • Web application & API testing (OWASP Top 10, BOLA, SSRF, deserialization)
  • Mobile app testing (iOS, Android) with reverse engineering
  • Cloud security review (AWS, Azure, GCP) and Kubernetes
  • Active Directory and internal infrastructure
  • Wireless and physical testing on request
  • Simulated social engineering and phishing
  • Remediation retest

§ C

Deliverables

What you get at the end of a penetration testing engagement, or along the way.

  1. Executive report for management
  2. Technical report with PoC and CVSS
  3. Vulnerability tracker with fix priorities
  4. Debrief session with developers
  5. Attestation of execution to standard

§ D

Use cases

Pre-release validation

Security validation before the go-live of a new customer-facing application.

Annual recurring

Periodic tests required by compliance frameworks (PCI-DSS, ISO 27001, NIS2).

M&A due diligence

Cyber risk assessment of a target company's assets.

Post-incident

Attack surface review after a security event.

§ E

Our process

  1. Scoping: Definition of goals, perimeter, rules of engagement, time windows.
  2. Recon: Passive and active information gathering, OSINT, surface mapping.
  3. Exploitation: Identification and exploitation of vulnerabilities, lateral movement.
  4. Reporting: Structured documentation with evidence, impact and recommendations.
  5. Retest: Verification of implemented fixes.

§ F

Technologies

  • Burp Suite Pro
  • Nuclei · Nmap · Amass
  • Metasploit · Cobalt Strike
  • BloodHound · Impacket
  • Frida · MobSF
  • Pacu · ScoutSuite

Indicative stack. We adapt choices to your context, internal skills and existing constraints.

§ G

Frequently asked questions

Q/01 How long does a pen-test take?

A medium-complexity web app takes 5–10 days; an internal infrastructure 10–20. Initial scoping is free.

Q/02 Do tests impact production?

We agree windows and techniques to minimise impact. For critical systems we work on an equivalent staging environment.

Q/03 What do I get at the end?

Technical and executive report, reproducible PoCs, fix prioritisation and a debrief session.

Next step

Let's talk about penetration testing.

A 30-minute call to understand your context and whether we can really help. No commitment.