01

Who we are

Specialists

Our technical writers use our state of the art full system service scanner, providing a peace of mind to those business owners seeking to have thourough cyber defense and optimal organisation productivity.

Penetration Testers

skilled team with over 10 years of expertise working with countries such as Dubai, United States, Qatar and more. Сombined with our automated aggregator we offer the next level of security services.

Aggregator

Professional audits at your fingertips, built with an easy to use interface giving you in-depth analysis reports on vulnerabilities that have direct influence on company functions and security.

Deep Web

Darknet private board members with high authority and years of trust, will do everything to find all the info that can be used against your organisation preventing hazardous situations.

Osint

Deep Recon experts will find all critical data even in closed sources in order to have information about any leaks our clients may have, allowing us to formulate a strategy on how to best protect your organisation.

Security

From 0 day exploits to blockchain solutions our programmers and reverse engineers will give you professional code-reviews and whitebox details.

02

What we offer

  • We provide a full complex of attacks for organisations that are demanding up to date next level security.

  • We've listed details about each step of our work in order to make sure you understand what types of attacks we perform.

  • Each step has many operations within itself, our auditing scanner performs 1500+ audits and within each audit come several checkpoints that equal over 20,000 scans.

Our red teaming services Include 7 stages:

  • Discovery, fingerprint and footprint
  • Recon and Osint
  • Social engineering
  • Penetration testing
  • Network attacks
  • Exploitation and Analytics
  • Reporting
03

Attack strategy

04

Attacks include

Social engineering

On: Company, employees, chiefs
  • Vishing and Smishing (Hello, Tina, It looks like you forgot to send me invitation to party we are having this week, I will send you sms with my new number)

  • Phishing (Blocking notice on inactive account, please make sure to reactivate it)

  • Social contact (Hello, Jimmy, do you work here? Nice, I used to work here, can tell you…)

  • Malicious documents attack (Best employees of this year can be always interesting)

  • Fake Shantage (I know something about you, I need you to tell me something about him)

  • Social media contact ( Hello Jimmy, don’t you want to go out with sexy me?)

  • Email spoofing (Email from Boss saying you have to do this, please do it NOW)

  • Fake notice ( Just read it and answer it)

  • Road apple (Found USB with trojan masked as something interesting always works)

  • Shoulder surfing ( Interesting info, I guess we will use it…)

  • Quid pro quo ( I just helped you, can you please help me with WIFI password?)

  • Identity theft ( of employee or client)

  • Tailgating ( Fake ID, Rfid or visitor badge - easy)

  • Bribery ( It is ok for us to get where we need for some little gift)

  • Impersonation ( Pizza boy will do it well)

  • Dumpster diving ( Some pizza left in a trash with cut paper and credentials we will need) and others, depending on situations.

Penetration Testing

On: “Scada systems,Sap, Voip, Web applications, Server application and OS, Mobile applications, Desktop software”
  • OWASP top 10 from 2004 2018 including 108 categories for now.

  • 0day exploits check.

  • Private exploits check

  • Common vulnerabilities: SQL,Xpath and code injections, XSS, RFI/LFI, XXE, RCE/LCE, Race conditions, CSRF and others.

  • Logical mistakes of developers and system administrators

  • Bruteforce attacks on all services based on intellectual dictionaries we gather from Recon stage.

  • CMS public and private vulnerabilities

  • Domain/Subdomain/DNS attacks

  • DOS/DDOS proof checks

  • Finding already exploited parts of application by somebody else and getting access

  • Buffer/Stack/Heap overflows

  • Fuzzing of everything that can be fuzzed using intelectual fuzzers in our Cryeye System.

  • Common human mistakes

  • Ciphe rattacks

  • And much more.

Notice: During pentest we also use our CryEye project for maximum coverage of all types of potential vulnerabilities and threats. Info about this project can be read here

Network attacks

On Cameras, PC/Laptop/Servers, Printers, Routers, Scada system, Mobile phones, lot
  • Men in the middle attacks

  • Wifi cracking using 10+ technologies

  • Traffic interception, sniffing and analysis

  • Lan cable Mitming

  • Eavesdropping

  • DNS poisoning and malware delivery through browser , fake update, etc.

  • JS zombie creation

  • And much more

Discovery / Footprint / Fingerprint

On Cameras, PC/Laptop/Servers, Printers, Routers, Scada system, Mobile phones
  • Enumeration

  • Footprint

  • Fingerprint

  • Network mapping

  • Subdomains harvesting

  • Exact version detections

  • And much more.

Osint / Recon

On Company, employees, chiefs
  • Sensitive data gathering

  • Repository analytics

  • Social networks analysis

  • Leaked data of employees analytics ( emails, passwords, credit cards, usernames)

  • Archive data analysis

  • Dark Web and Deep web check on company information for sale

  • Different public/private search engine usage for data harvesting

  • And much more.

Exploitation, Network extending and Post exploitation

On Company, employees, chiefs
  • Privilege escalation

  • Horizontal and vertical network extension

  • Sensitive data capturing and usage

  • Exploitation of found vulnerabilities

  • Poc writing

  • Passwords and data Decryption

  • Software deobfuscation

  • Malware attacks on exploited machines

  • Maintaining Access

Reporting with analytics

On Full report on all findings on suitable for client format with all the credentials that were found during test including all phases of attack.
  • Business damage impact

  • All found vulnerabilities and credentials

  • All vectors of successful attacks

  • Advices on problem removal

  • Educational videos and presentations

  • Log of our activities

05

What else can we do

  • Whitebox

  • Greybox

  • Reverse Engineering

  • Buffer overflow

  • Exploitation writing

  • Blue team services

  • IT Security Education

  • Antivirus integration

  • Incident response

Cryeye web vulnerability scanner

Private use only

  • Owasp top 10 vulnerabilities check

  • 1500+ Custom scripts and checks on vulnerability and recon

06

Frequently asked questions

Order now
09

Contacts

CQR INC. | 1801 FOREST DR, DELTA JUNCTION, AK 99737
Mail: [email protected]  / 
Phone: +19073022502 +380930827777  / 
Penetration Testing