Due Diligence Insights - Virtual conference presented by Duff & Phelps, A Kroll Business, and the IMDDA Register Now Chevron

Penetration Testing Services

Malware. Ransomware. Social engineering schemes. Brute force attacks. How confident are you that your protective measures are effective against current and emerging cyberattacks?

Independent penetration testing is the ultimate gauge of cyber defense effectiveness. Kroll’s CREST-certified experts have unique insights into the cyber risk landscape, including the tactics, techniques and procedures (TTPs) attackers typically deploy to gain access to digital assets.

Using real-world hacker techniques, we simulate attacks on your organization to identify gaps in your security. Common targets include the internet perimeter, internal and external network infrastructure, websites, databases, applications, and even your employees.

Don’t assume a crack is too small to be noticed, or too small to be exploited. If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter.

Rob Joyce,

Head of the National Security Agency’s Tailored Access Operations

Our five-phase approach incorporates two powerful sources of insight: the front-line experience of our global team of preeminent cyber investigators and the real-time threats gleaned from sophisticated technology resources, including our patent-protected dark web tools. For organizations whose cyber maturity is advanced, we can also provide red teaming exercises (on a onetime or periodic basis) that focus on specific objectives and scenarios provided by your team. 

At the conclusion of our penetration testing, we provide substantive evidence of our findings and can recommend countermeasures to reduce your risk.

Kroll’s Five-phase Penetration Testing Approach

  • Project Initiation
    Our experts work with your team to develop goals and objectives with a focus on high-value assets.
  • Information and Intelligence Gathering
    Using reconnaissance techniques, we collect and examine publicly available information about your company and employees to identify potential attack vectors. Our extensive review 
    includes examining public websites, social media, domain registries and dark web data.
  • Threat Modeling Exercise
    Kroll experts analyze the reconnaissance information, identify potential attack vectors and develop a plan of attack for testing.
  • Attack Execution
    We attempt to access your organization’s environment using methods employed by real-life adversaries. The attack will target your IT infrastructure, websites, applications and employees.
  • Reporting and Consultancy
    Our final report summarizes our actions during testing, details any weaknesses we identified and includes remediation guidance to reduce the risk of compromise by a real-life adversary.

Why Kroll

  • Named the Best Cyber Security Consultancy by the National Law Journal for the past four years. Kroll has assembled an exceptional team with a proven track record in penetration testing services.
  • Senior team members have each spent decades working in cybersecurity, and our award-winning penetration testers are certified to some of the highest global industry standards, including CHECK, CREST (CCT/CRT), and SANS (GIAC).
  • Our testers have diverse backgrounds in information technology, application development and cyber investigations. This experience enables them to anticipate evolving and emerging cyber threats for our clients across industries and jurisdictions.

Comprehensive Related Services

  • Network Penetration Testing – External and Internal
  • Application Penetration Testing – External and Internal
  • Web Application Penetration Testing
  • IoT Device Penetration Testing
  • Dark Web Risk Exposure
  • Social Engineering Exercises
  • Red/Blue Team Exercises
  • Due Diligence Assessments 

Case Study

Baseline Assessment Including Pen Testing – Multidivisional Professional Services Company
An international, multidivisional professional services company was looking for a baseline assessment to prepare for ISO27001 certification. Kroll conducted an assessment that included external and internal vulnerability assessments and penetration testing. Kroll was able to present the client with a detailed report that described its level of maturity as assessed against the ISO27001 control objectives, and included recommendations for improvement.

To validate your confidence in your current measures and learn where to focus resources moving forward, contact one of our testing experts today.

Industry Accreditation
CREST has accredited Kroll as a global Penetration Testing provider.


/en-ca/services/cyber-risk/assessments-testing/penetration-testing /-/media/feature/services/cyber-risk/assessments-testing-desktop-banner.jpg service

System Assessments and Testing

Contact Us


Cyber Risk

Global, end-to-end cyber risk solutions.

Cyber Risk

Virtual CISO Advisory Services

Services to help teams safeguard information assets while supporting business operations.

Virtual CISO Advisory Services

Cyber Litigation Support

Expert witnesses on any cyber topic including forensic data collection and analysis.

Cyber Litigation Support

Kroll Responder

Mature your cyber security with unparalleled visibility and constant protection.

Kroll Responder

Cyber Risk Retainers

Secure a true cyber risk retainer with elite digital forensics and incident response capabilities.

Cyber Risk Retainers

24x7 Incident Response

Compliant notifications, reputation-saving remediation, and litigation support.

24x7 Incident Response