Automated audits for all attack surfaces
IN A NUTSHELL
SPEED AND EFFICIENCY
REPORT & ACTION PLAN
OPTIMISED BUDGETS
- CYBERESIST® audits external, internal, and cloud attack surfaces to detect security blind spots.
- Our automated tests quickly process all asset scopes, including hundreds of IP addresses.
- CYBERESIST® maps the audited resources.
-
Vulnerabilities are clearly described and sorted by category and risk level.
- The action plan provides solutions to quickly correct the most critical flaws.
- Automated audits help reduce costs.
- By subscribing, you can carry out regular audits with progress measurements.
100% AUTOMATED AUDITS
EXTERNAL ATTACK SURFACE
Comprehensive scan of the exposed web surface with over 80 specialised tools.
Tests without agent installation, probes, or event log collection to minimise impact
Pre-Scan :
- Discovering subdomains
Passive scan
This scan enables an initial audit to be carried out, with the following deliverables:
- Determining the attack surface (Shadow IT) to validate the scope of the audit
- Searching for data leaks: searching for leaked source codes and passwords
- OSINT: open source intelligence
In-depth web audit
- Software mapping
- Vulnerability testing: configuration errors
- Automated launch of over 80 tools.
- In-depth analysis of the domain and sub-domains on the Internet (company and employee data).
- OWASP Top 10: testing the 10 main security risks related to web applications:
- Faulty access controls
- Vulnerable and obsolete components
- Non-secure design
- Lack of data and software integrity
- Poor identification and authentication
- Data injection tests
- Attacks using ‘intelligent’ passwords (brute force)*
Analysis and classification of vulnerabilities by severity and type.
Recommended solution for each vulnerability
Deliverables in French or English including Mapping, Detailed Report and Action Plan in Word and Excel formats.
ACTIVE DIRECTORY & PKI INFRASTRUCTURE
Detection of exploitable technical vulnerabilities and poor administrative practices, providing a clear view of the level of risk.
Exécution d’un outil sur une machine connectée au réseau interne (compte standard).
Identification of poorly protected privileged accounts: Kerberoasting, risky delegations, admin accounts outside Protected Users. Search for vulnerabilities and misconfiguration. Automated detection of potential attack paths.
Verification of critical configuration settings: NTLMv1, anonymous LDAP, SMBv1, Spooler/PetitPotam.
Password management audit: Rotation, RC4, passwords exposed in SYSVOL and network shares.
Mapping attack paths: via ACLs, trusts, and vulnerable PKI templates (ESC1–ESC11).
Assessment of operational resilience: Backups, recycle bin, monitoring, obsolete machines.
Windows workstation audit: password storage in the browser, presence of a password manager, etc.
AZURE ENTRA-ID & MICROSOFT 365
Our module offers a turnkey audit of the cloud environment.
Exécution d’un outil sur une machine avec un compte administrateur du tenant Azure
Identification of poorly protected privileged accounts: Kerberoasting, risky delegations, admin accounts outside of Protected Users.
Access security: MFA, privileged accounts, legacy authentication, break-glass.
Privileges & identities: Admin roles, PIM, apps without owners, main services at risk.
Security posture: Secure Score, EDR/AV, Intune, logs & retention.
Analytics & detection: Risky sign-ins, suspicious activity, unusual connections.
Compliance & resilience: GDPR, retention policies, backup & incident response.
CONTINUOUS MONITORING SERVICE
Use of the software map created by Scan.
Regular monitoring:
- BlacklistIP;
- Account leaks;
- Scan github, etc.
Automatic dispatch of alerts by the platform (after validation):
- Data leak;
- Vulnerabilities on your sub-domains;
- Attempted attacks on your users (phishing).
Monitoring developments between two audits
THE ADVANTAGES OF CYBERESIST
Thorough audits, tailored to the scope and size of the company, and extremely easy to use.
Thorough audits, tailored to the scope and size of the company, and extremely easy to use.Thorough audits, tailored to the scope and size of the company, and extremely easy to use.
Integrated AI services for personalised, dynamic and scalable audits.
Detailed AUDIT report with a clear management summary to prioritise the ACTION PLAN.
Measurement of discrepancies between AUDITS and ALERT MANAGEMENT FOR NEW VULNERABILITIES for continuous monitoring.
Our recent projects
The latest projects and successes in cybersecurity
Asset Management Company
Forensic analysis and global security audit
Following an email spoofing incident, our team of experts carried out forensic investigations and vulnerability assessments to protect the systems exposed.
ESN
Regular safety audits
Our web security experts implemented strict input validation mechanisms and carried out regular security audits, which effectively mitigated the risk of SQL injection.
DIGITAL AGENCY
In-depth vulnerability assessment
We carried out an in-depth vulnerability assessment of client organisations, identifying and correcting potential vulnerabilities before they could be exploited by attackers.
