Critical Fault

Professional Cybersecurity & Penetration Testing Services

Experiencing an incident and need immediate assistance?

Penetration Testing

Every system is a target. Networks. Office Buildings. Cloud. Wireless. Applications. Our certified Red Team does it all.

Application Security

The next frontier of cybersecurity is here. We are hackers. We think like hackers. We code like hackers. We exploit like hackers.

Digital Forensics

Our offensive security experience provides us the unique ability to discover and preserve digital records that other digital forensic firms might miss.


About Our Company

Offensive Security Specialists Fighting For You

Critical Fault provides security testing to firms of any size. Our team of certified Red Team operators test products, facilities, networks, applications, IoT, source code, and more. Our unique skill sets also allow us to perform digital forensics to get to the root of any cybersecurity incident.

Why Work With Us

Critical Fault provides an innovative approach to risk assessments including security testing and adversary simulation. Organizations have critical assets that require strong protective controls. Critical Fault has developed several novel techniques to test the protective controls of an organization and provide insightful risk metrics for organizational leadership.

Our team of certified Red Team operators test products, facilities, networks, applications, IoT, source code, and more. Our unique skill sets also allow us to perform digital forensics to get to the root of any incident.

Kristopher Wall

CTO | Critical Fault

Testimonials

“Critical Fault operated in a very thorough and professional manner when performing the University of Oklahoma Foundation’s annual internal and external pen testing. The team was highly available and always addressed any concerns or questions presented. 

Working with Critical Fault felt like a collaborative effort to ensure a satisfactory outcome and remediation of exposed vulnerabilities found by their team of experts. I will be engaging with Critical Fault again to do this absolutely necessary testing to ensure a safe environment.”

Kara D Carter

Director of IT Infrastructure and Services | University of Oklahoma Foundation, Inc.

“More than ever, organizations are focused on protecting the vital digital assets that drive their services and connect them with their customers. That is why the City of Edmond invests in – and recognizes the value of – training like that provided by Critical Fault. That commitment allows us to deliver the service our customers deserve while ensuring we have a strong security awareness.”

City of Edmond

MTM Recognition engaged Critical Fault to help us further expand our third-party external and internal penetration testing landscape. “From the moment we first spoke on the phone to the last meeting discussing our results, their team has been nothing short of amazing. When you find a company with a culture like Critical Fault’s you hold on to them for as long as you can.

Without a doubt, we would recommend Critical Fault to other companies. In fact, we have already done exactly that. Their desire to be thorough and informative really helps us suggest their company anytime we’re asked about cyber security services.

We believe the largest assets within a company are employees who feel a deep sense of purpose and engagement. Their apparent desire to help make us better while also furthering our understanding of things at a technical level really helps set this company apart from all the rest. Critical Fault sets a great example of what a true partner should be.”

Scott Hankins

V.P. of IT | MTM Recognition

Professional Services

Our Services

Critical Fault provides a variety of cybersecurity services aimed at increasing your cybersecurity maturity, decreasing your risk of a cyber event, and providing recommendations for strengthening your organization’s current security controls. From identifying risks to implementing remediation strategies and responding to incidents, our cybersecurity experts are dedicated to protecting your company and your data from cyber threats.

Risk Assessments

Risk assessments help organizations of any size identify risks to the organization and its information security. Risk assessments are the perfect solution to lowering cybersecurity insurance.

Penetration Testing

Penetration testing has become a critical element to any mature cybersecurity program. Critical Fault’s Red Team specializes in penetration testing as professionally certified hackers. We have an extensive background as developers, IT administrators, and physical security specialists.

Digital Forensics

Utilizing our expertise, certifications, and incident response toolkit, Critical Fault, a leading source of digital forensics in Oklahoma, will provide digital forensics to law firms and law enforcement. Our offensive security toolkit provides us the unique ability to discover and preserve digital records that other digital forensic firms might miss.

Application Security

Application Security is the next frontier in protecting your operations from incidents. Critical Fault focuses on the art of exploiting web applications by finding flaws in your enterprise’s web apps. Our Red Team is composed of experienced developers with the knowledge to find weak spots in your enterprise software development life cycle.

Physical Security

Critical Fault applies its unique background in medicine and physical science, combined with its Red Team expertise, to provide security testing services with a focus on medical and energy sites.

Training

Critical Fault regularly provides training to organizations, IT Security teams, developers, and to critical staff. The first step to preventing an incident is having a strong security awareness.

We Are Experts

Why Clients Choose Our Experts

With over 20 years of industry experience, our certified Red Team experts are prepared to handle your case with the maturity and diligence it deserves. Not only do we provide excellent services for our clients, but we also regularly speak at many of the local conferences.

BsidesOK
iwsokc
AFCEA
Root66

Our Certified Specialists Are Here For You

FAQ

Frequently Asked Questions

What is Penetration Testing?

Penetration testing, or ethical hacking, is an assessment of a company’s current security controls for information systems and buildings by employing the same techniques as real-world hackers to seek out and exploit vulnerabilities that put the confidentiality, availability, or integrity of an organization’s information at risk.

What Types of Penetration Tests Are There?

Penetration testing is typically performed against systems where all security controls are left in place. This helps to identify weaknesses in a system’s security controls.

Network Penetration Testing – a network security environment is tested by simulating real-world hacking techniques to try to bypass security systems and gain unauthorized access to an organization’s systems, networks, applications, or data.

Physical Penetration Testing – a physical security environment is tested by simulating a malicious actor’s attempts to physically breach the organization’s perimeter through social engineering, abusing poor physical controls, or utilizing a variety of tools to gain unauthorized access to sensitive areas and systems.

Application Testing – an application’s architecture, configuration, and design are assessed to identify any vulnerabilities that may put the application and underlying infrastructure at risk of being compromised.

Mobile Application Testing – similar to application testing, a mobile application’s architecture, configuration, and design are assessed to identify any vulnerabilities that may put the application and underlying infrastructure at risk of being compromised.

What is Adversary Simulation?

Adversary Simulation, or Red Teaming, is a process in which expert ethical hackers attempt to breach a security system by using the same techniques as real-world malicious actors, such as hackers. This allows organizations to spot and correct vulnerabilities before an actual attacker has a chance to exploit them.

What is a Risk Assessment?

A Risk Assessment is a comprehensive and exhaustive examination of an organization’s current security controls and information systems. A senior risk assessor works to identify any existing threats or areas of concern and provides guidance on how to mitigate the risks identified in the assessment.

What is Threat Modeling?

Threat modeling is a formal process designed to help information security teams identify and prioritize potential threats to information systems.

Does My Business Need a Cybersecurity Plan?

Malicious hackers choose targets based on a company’s vulnerability, not necessarily its sensitivity or size. 43% of all cyber-attacks are aimed at small businesses. Additionally, the number of data breaches and hacking attempts increased by 27% between 2020 and 2021. With cybercrimes reaching an average of $4.24 million in losses per incident, cybersecurity is critical to any business’s survival.

What is a Vulnerability Assessment?

A Vulnerability Assessment is a systematic review of an organization’s information system assets, including security controls and networks, with the intent of identifying vulnerabilities and areas of improvement while giving recommendations on remediation of those vulnerabilities.

How Often Should I Be Conducting Penetration Testing?

Penetration testing should be conducted regularly, at least once a year, if not quarterly depending on the company’s risk levels, sensitivity, or regulatory standards.

How Often Should I Be Conducting Vulnerability Assessments?

Vulnerability Assessments should be performed regularly, at least quarterly, if not monthly depending on the organization’s industry.

Where are you located?

We have team members and offices in both San Antonio and the Greater Oklahoma City Metro areas.

What if I lost the password to my cryptocurrency wallet?

If you have the wallet saved to your hardware (i.e. hard drive, laptop, or other device), then we will happily help you regain access to your cryptocurrencies.

We do suggest that you leave the device powered off until a professional team can begin the recovery.

What is Digital Forensics?

Digital Forensics is a formal process of analysis used by security experts after a security incident has occurred. This process can help the organization perform a root-cause analysis or prepare for potential court proceedings.

What is Incident Response?

Incident Response, often shortened to “IR”, refers to the immediate protocols and steps an organization and its cybersecurity team take after an incident has occurred. Incident Response Planning (“IRP”) is a critical component that should be addressed before an incident has occurred.

What is the Average Cost of a Cyber-Attack?

According to IBM Newsroom, in 2021, the average cost per incident was $4.24 million – the highest in 17 years.

What are the Main Types of Cyber-Attack?

Ransomware – Ransomware is unauthorized malicious software that is installed on networked systems, allowing the attacker to encrypt and lock systems until a ransom is paid to the attackers. Payment is typically made through cryptocurrencies, such as Bitcoin.

DDoS – or Distributed Denial of Service attack, is when the attacker tries to make a network system or application inaccessible to its intended users by flooding the system with large amounts of traffic, effectively denying access to legitimate users.

Drive-By Downloads – Drive-By Downloads are unintentional downloads of malicious code due to out-of-date software.

Zero-day – Zero-days are recently discovered vulnerabilities where the vendor hasn’t yet developed a security patch, allowing hackers an opportunity for attack.

MitM Attacks – when an attacker positions himself in between communications and eavesdrops for information or impersonates another individual to gain information.

Phishing Email – Phishing emails are a social engineering attack in which an attacker sends a fake message to an employee asking them to take an action. When the action is made, it helps provide the attacker increased access to systems or sensitive information.

How Can I Reduce Threats?

Ensure you are participating in information security best practices.

Perform regular penetration tests and vulnerability assessments to recognize and mitigate vulnerabilities before they become a problem.

Train your employees on social engineering attempts and how to protect themselves.

Practice separation of duties between employees to ensure work is being double checked for integrity.

Ensure your physical infrastructure is properly protecting sensitive hardware, data storage, and company information from unauthorized access.

What is the Difference Between a Vulnerability Assessment and a Penetration Test?

Vulnerability assessments are high-level tests that scan security systems and report any vulnerabilities found. These assessments are often automated and tend to ignore the human element of a potential breach. Vulnerability scanners search for known vulnerabilities but are unable to identify previously undiscovered vulnerabilities.

A penetration test is performed by a certified penetration tester to actively exploit known and unknown vulnerabilities and determine an organization’s risk level. Penetration testing uses a thorough real-world approach to finding vulnerabilities and determining the severity of those weaknesses.

Why Do We Perform Penetration Testing?

Vulnerability assessments cannot predict human behavior. 95% of all cybercrime is caused by human error. Penetration testing allows for exploitation of human error and identifies vulnerability within the organization’s processes, structures, and infrastructure, as well as their security systems. Vulnerability assessments and penetration testing should both be performed routinely and remediation efforts should always be acted upon.

What if I was interested in educating myself on becoming a cybersecurity expert?

Here is a GitHub repository of free resources to help you explore your white hat hacker skills and comprehension: https://github.com/CSIRT-MU/edu-resources

Good luck!

Our Partners

We are proud to be partnered with industry experts.

CBIZ
Pinpoint Security
Stinnett & Associates
aicco-white
okcchamber (1)

Meet Our Team

Meet Our Cybersecurity Specialists

Joan Stanolis

Chief Executive Officer

Jordan Caldwell

Chief Security Officer

Kris Wall

Chief Technology Officer

Madison Horn

Advisor

Blog & News

Latest Posts

What to Expect for CMMC 2.0 Assessments

So now you have put in all the work to meet the requirements of CMMC 2.0 level 1, 2, or 3, but what’s next? Once the rules are finalized and being implemented, companies will need to be able to certify that they are...

CMMC 2.0 Requirements: Level Three

Now we enter the most nebulous category of CMMC 2.0 requirements: level three. While we know where the requirements will come from, we don’t know exactly how many will be added from the NIST 800-172 publication. While there are...

CMMC 2.0 Level 2 Requirements

CMMC 2.0 Level 2: that’s where things really start to get serious. While the controls required aren’t incredibly difficult, there are probably a fair number that most companies haven’t considered before, especially since there are 110 of them. And I am...

CMMC 2.0 Level 1 Requirements

We’re going to start digging through the CMMC levels, starting with CMMC 2.0 Level 1. I will go through the different protection areas and briefly describe what they mean. I don’t intend for this to be a complete guidance, but more an introduction to allow you to be...

The Levels of CMMC 2.0 Compliance

Previously, we covered a brief history of the Cybersecurity Model Maturity Certification (CMMC 2.0 Levels) and touched on a few details of what it actually is. For this entry, we will be getting deeper into the internals of CMMC to begin breaking it down into its...

What is CMMC 2.0?

At this point, especially if you ever have contracted or subcontracted with the Federal government, you have probably at least heard the letters CMMC thrown about. There may have even been a twinge of trepidation surrounding the letters. But what do these letters...

Newsletter

Subscribe To Our Newsletter

We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

Need Immediate Assistance?

Give us a call (405) 771-6399

Headquarters

3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

110 E. Houston St, 7th Floor, San Antonio, TX 78205

Copyright 2024 - Critical Fault, LLC. | Privacy Policy