OFFICE ADDRESS:
Ministry of Hack (Admin Office 365)
38 Turner St,
London, UK
E1 2AS

COMPANY REGISTERED IN ENGLAND & WALES: 11921368
COPYRIGHT© | MINISTRY OF HACK™ 1997 | ALL RIGHTS RESERVED BY: NAUSHAD.

CYBER INTELLIGENCE | THREAT HUNTING & DISCOVERY

FREQUENTLY ASKED QUESTIONS

The M-O-H penetration test is conducted in accordance with the strictest professional and ethical standards. Tests are designed to identify and safely exploit vulnerabilities while minimising the risk of disrupting everyday business.

How effective is your cyber security?

With threats continuing to grow in both volume and sophistication, performing a pentest to understand how an attacker might breach your business’ defences and the appropriate action needed to address the risk is an important part of effective cyber security.

Insecure network configurations, authentication problems, as well as flaws in application source code and logic, are just three in a long line of underlying vulnerabilities that could be exploited by criminal hackers. With your organisation’s attack surface continuing to grow, keeping out the bad guys is an uphill struggle.

Using real-life adversarial techniques to identify common and complex vulnerabilities, MOH’s team of certified ethical hackers can help your organisation to clearly understand its weaknesses and develop a strategy to address them.

By identifying and exploiting vulnerabilities that evade automated online assessments, and providing clear help and advice to remediate issues, MOH’s ethical hacking and security penetration testing services enable you to understand and significantly reduce your cyber security risk.

All Ministry of Hack’s pen testing engagements are client confidential and, unlike a real cyber-attack, cause no damage or disruption.

1. What is penetration testing?

Penetration testing (pentesting) is the process of assessing computer systems, networks and applications to identify and address security vulnerabilities that could be exploited by cybercriminals.

Ministry of Hack ethical hacking task force engagements enable organisations of all sizes to effectively manage cyber security risk by identifying, ethically exploiting, and helping to remediate vulnerabilities that could lead to network, systems, applications and personnel being compromised by malicious attackers.

2. Does my organisation need a pen test?

With threats constantly evolving, it’s recommended that every organisation commissions penetration testing at least once a year, but more frequently when:

  • Making significant changes to company infrastructure
  • Launching new products and services
  • Undergoing a business merger or acquisition
  • Preparing for compliance with data security standards
  • Utilising and/or developing custom applications

3. What are the benefits of network penetration testing?

Regular pen testing helps improve your cyber security by:

  • Fixing vulnerabilities before they are exploited by cybercriminals
  • Providing independent assurance of security controls
  • Improving awareness and understanding of cyber security risks
  • Supporting PCI DSS, ISO 27001 and GDPR compliance
  • Demonstrating a continuous commitment to security
  • Supplying the insight needed to prioritise future investments

4. What are the vulnerabilities?

Vulnerabilities can be found in 3 key areas: infrastructure, applications and people. Penetration testing, also known as ethical hacking, is a process that is carried out to identify vulnerabilities and exploit them to determine the level of weakness. As well as being a proactive approach to protecting the business, this service is often used to demonstrate security compliance and to build on the level of employee awareness.

By using structured methodologies, depth of technical knowledge and state of the art testing tools, the penetration test will make sure your cyber controls are working. By identifying any gaps, recommendations can be made for better controls and changes that can be implemented to improve the organisation’s defences and mitigate the risk of a successful attack.

5. What’s the difference between a pen test and a vulnerability scan?

While a vulnerability scan uses only automated tools to search for known vulnerabilities, a penetration test is a more in-depth assessment. Pentesting utilises a combination of machine and human-driven approaches to identify hidden weaknesses.

6. What are the steps involved in a pen test?

Ministry of Hack penetration testing services use a systematic methodology. In the example of a network test, once the engagement has been scoped, the pen tester will conduct extensive reconnaissance, scanning and asset mapping in order to identify vulnerabilities for exploitation. Once access to the network has been established, the pen tester will then attempt to move laterally across the network to obtain the higher-level privileges required to compromise additional assets and achieve the objective of the pentesting engagement.

7. How is a penetration test conducted?

Penetration testing utilises the tools, techniques and procedures used by genuine criminal hackers. Common blackhat methods include phishing, SQL injection, brute force and deployment of custom malware.

8. What penetration testing tools are typically used?

Ministry of Hack’s penetration testers don’t rely on automated scanning applications. To detect hidden and complex vulnerabilities, they leverage a range of open source and commercial pentesting tools to manually perform tasks such as network and asset discovery, attack surface mapping and exploitation.

9. How long does a pentest take?

The time it takes an ethical hacker to complete a pentest is dependent upon the scope of the test. Factors affecting duration include network size, whether the test is internal or external facing, and whether network information and user credentials are shared with Ministry of Hack prior to the pentesting engagement.

10. What happens after the pen testing is completed?

After each engagement, the ethical hacker(s) assigned to the test will produce a custom written report, detailing and assessing the risks of any weaknesses identified plus outlining recommended remedial actions. A comprehensive telephone debrief is conducted following submission of the report.

11. Can a pentest be performed remotely?

Many types of penetration testing can be performed remotely via a VPN connection; however, some forms of assessment, such as internal network pen tests and wireless pen tests, may require an ethical hacker to conduct an assessment on site.

12. Will a pen test affect business operations?

A Ministry of Hack penetration test is conducted in accordance with the strictest professional and ethical standards. Tests are designed to identify and safely exploit vulnerabilities while minimising the risk of disrupting everyday business.

13. How much does a pen test cost?

The cost of a pentest is based on the number of days needed by our ethical hackers to achieve an agreed objective. A custom quotation is produced upon completion of a pen test scoping form.