METHOD MEETS INTELLIGENCE

Penetration Testing Methodology
___

The methodology documented below is used for all Block8.ai penetration tests to ensure consistent and effective testing. The following graphic provides a very high-level overview of this methodology.

These steps are based on the Open Web Application Security Project (OWASP), the US National Institute of Standards and Technology (NIST) methodology and best practice as appropriate to testing using Artificial Intelligence (AI) toolsets. These 5 steps are broken down below.


Engage

Vulnerability Assessment

AI Vulnerability Exploitation

Reporting

Re-Testing (as Required)


Engagement

The Engagement step includes, as a minimum, the following key stages:

  • Client Details – Capture the relevant Client Information.

  • Definition of Scope – Clearly define the target, what is to be tested (systems, networks, applications) and importantly, what (if anything) is to be excluded.

  • Payment – Via Credit Card and/or Purchase Order.

Vulnerability Assessment

The Vulnerability Assessment step includes, as a minimum, the following key stages:

  • Reconnaissance – Gather all available information pertinent to the target system or network (within scope). Reconnaissance may be achieved through either passive or active techniques (i.e. public sources or technical scanning).

  • Fingerprinting – Identifying operating system and running service information, including the technology stack and the operating systems of systems and network or other devices within the in-scope environment.

  • Automated Scanning – Scanning conducted using vulnerability identification tools as selected by the Block8.ai team.

  • Analysis – The use of Block8.ai’s proprietary AI toolset to analyse the vulnerabilities identified through the scanning process. Vulnerabilities are assessed to determine whether they are genuine or false positives and whether they have the potential to be exploited.

AI Vulnerability Exploitation

The AI Vulnerability Exploitation step includes, as a minimum, the following key stages:

  • Exploiting Vulnerabilities – The use of Block8.ai’s proprietary artificial intelligence toolset to leverage identified vulnerabilities with the aim of exploiting them to permit unauthorised activities such as access or control.

  • Post-Exploitation – If permitted within the scope of the engagement, additional exploitation of the compromised system in an attempt to escalate access privileges, access sensitive data or move laterally through the target environment.

Reporting

The Reporting step includes, as a minimum, the following key stages:

Executive Report

  • Provides a non-technical overview of the engagement, including result statistics and severity levels.

Technical Report

  • Detailed Findings – All identified vulnerabilities will be documented along with the severity and the potential impact on the client organisation should that vulnerability be exploited.

  • Remediation Recommendations – Actionable activities that can be conducted by the client to reduce the potential impact from identified vulnerabilities.

  • Human Validation – Block8’s human subject matter experts will review all findings and recommendations as validation of the AI processes.

Certificate

  • Provision of a one-page letter with no technical details that the client can confidently publicise to their external stakeholders as an assurance that testing has been conducted.

Re-Testing (as Required)

The Re-Testing step includes, as a minimum, the following key stages:

  • Re-Testing is conducted if a request is received within 45 days of the issue of the report.

  • Re-Testing is conducted only on previously identified Critical and/or High Vulnerabilities with the aim of establishing if the previously identified vulnerabilities have been remediated.

  • Re-Testing includes the issue of revised reporting (all three reports).


Scoring Methodology
___

The methodology documented here is used by all Block8 penetration tests to score the vulnerabilities identified through the testing process. All scoring is based on the internationally recognised Common Vulnerabilities and Exposures (CVE) system. This is fully documented within the Common Vulnerability Scoring System (CVSS) scores. Vulnerabilities are scored on a sliding scale of severity from 0.0 through to 10.0, with 10.0 being the highest.

Where the vulnerability discovered has not as yet been allocated a value under the CVSS, an assessment is to be made based on the process defined through the CVSS website. Assessments are to err on the side of caution and accept the potential for over-scoring until such time as a CVSS score has been officially allocated.

Block8 Severity Rating and corresponding CVE Score:

  • Low: 0.1 – 3.9

  • Medium: 4.0 – 6.9

  • High: 7.0 – 8.9

  • Critical: 9.0 – 10.0

