0. WHO ARE WE?
We entered the security field purely for our passion to break technology.For many years, we operated as invidual freelancers in a multitude of fields like Petrol Extraction, Banking, Software Development, Online Casinos or Telecomunications.Later we decided to create Sentientchip and from there everything came natural.
1. HOW DO WE PRICE OUR SERVICES?
Each project varies in size, complexity and complication which in the end give its duration. Also, every company is unique, from the technology mix that it is using to the leadership style and the risk apettite it maintains.
Because of that, we dont use a fixed price for all Penetration Tests, Red Teaming Exercises or any type of security audits. At Sentientchip we believe each client needs to be treated uniquely, based on his needs. That is the only way we can offer the maximum ammount of value per project.
Broadly speaking the pricing process would look as presented bellow:
- We have an initial meeting to discuss the type of projects that you want our services for.
- Each project is discussed to understand the scope of the test, technologies involved, if you need a blackbox, whitebox or grey box approach and priorities based on deadlines.
- We send you our offer and if you accept it we set a starting date and the rules of engagement.
2. HOW EXPERIENCED IS OUR TEAM?
Taken individually, none of our technical team members have less then 5 years in the Information Security field and others have been working for more than 10 or 15 years. As a result, you will always have the highest quality results, presented in the highest quality reports.
Our hiring process is also quite demanding but necessary given the skillset required in this field. All applicants go through a timed 24h practical test in our personal laboratory. The goal is to see how many vulnerabilities they can find and exploit. Based on their results we are able to assess their experience and ability to create clear and valuable reports.
Although we focus on what we can do and not on how many certifications we have, we understand new customers can’t just take our word as the absolute truth therefore we also hold the following certifications and trainings:
Offensive Security Certified Professional is an all around certification focused this time on Penetration Testing techniques in various areas.
The exam is practical and again as with RTO, you have 24h to hack a minimum of 4 out of 5 machines or fail. Some of the area OSCP focuses on:
- Web Applications penetration testing
- Internal/External Network penetration testing
- Using and modifying exploits to bypass security on Windows and Linux
- Windows and Linux Buffer overflow vulnerabilities
- Linux and Windows Local Privilege Escalation
- Antivirus Evasion
- Active Directory attacks
- Jenkins attacks
- Attacking Databases
Red Team Operator by ZeroPointSecurity is a fully practical Red Teaming certification which can be achieved only by passing a practical exam.
The exam’s length is 24h, time in which the student will have to hack/exploit multiple devices.
Some of the areas RTO focuses on:
- External Reconnaissance
- Initial Compromise
- Host Reconnaissance
- Local Privilege Escalation
- Domain Reconnaissance
- Credentials & User Impersonation
- Lateral Movement
- Session Passing
- SOCKS Proxies
- Reverse Port Forwards
- Kerberos Abuse
- Group Policy Abuse
- MS SQL Server Abuse
- Domain Dominance
- Domain & Forest Trusts
- Bypassing Defences
In the end the goal is to prepare a security professional that can create effective adversarial simulations.
Corelan Exploit Development Bootcamp
Defined by many people as the de facto standard in exploit development training, the course is hands on and in person.
The training pushes students to create and improve exploits. Areas that it covers:
The x86 environment
- System Architecture
- Windows Memory Management
- Introduction to Assembly
- The stack
- Running 32bit applications on a 64bit OS (wow64)
Stack Buffer Overflows
- Stack Buffers
- Saved return pointer overwrites
- Stack cookies
- Structured Exception Handlers
- Using egghunters
- Egg hunters in a WoW64 environment
Reliability & Reusability
- Finding and avoiding bad characters
- Creative ways to deal with character set limitations
Metasploit framework Exploit Modules
- Writing exploits for the Metasploit Framework
- Porting exploits to the Metasploit Framework
- Bypassing ASLR
- Bypassing NX/DEP
- Return Oriented Programming / Code Reuse (ROP)
- x64 processes, memory map, registers
- Functions & calling conventions
- Structured Exception Handling
- Stack buffer overflows
But our true skill does not come from certifications, our skill comes from constantly learning, researching and pushing our passion for security every day.
In case you haven’t found the answer to your question, feel free to reach out using our contact page.