Red Team

Test your security the way hackers would compromise you


Service

Using the tactics, techniques, and procedures (TTPs) of real attackers, we simulate a fully fledged cyber attack. The simulation covers Open-Source Intelligence (OSINT), reconnaissance, phishing, physical entry, social engineering, tactical network exploitation, and more.

Our simulation starts with attempting to obtain access from the outside by exploiting the human element. This is done by delivering malware through phishing or physically planting a hardware implant. Once on the internal network, we perform internal network reconnaissance and tactical network exploitation to gain access to pre-defined critical assets.

A Red Team tests not only your technical defenses but also your online exposure and your employees' awareness. Because only a select few employees are aware of the test, your detection and response capabilities are tested as well.


Value

  • Test your security and resilience against current and real cyber threats

  • Identify vulnerabilities on critical assets

  • Test your detection and response capabilities

  • Flag-driven test

  • Identify gaps in your employees' awareness

Deliverables

  • Debriefing workshop of several hours with your internal IT operations team. During the workshop, we will review the findings, discuss the remediation suggestions from the report and showcase some attack path examples from the report.

Written report with two primary sections:

  • Management section for management and decision makers with high-level risk picture and executive summary.

  • Technical section with detailed observations for each security insufficiency.


 

Methodology

Together with you, we define the scope, the threat actors to simulate, and the goals of the test.

How we attack the environment will vary greatly depending on the threat actors, goals, and the organization, but the phases are the same:

  • Initial Reconnaissance and OSINT - Using passive and active techniques, we identify publicly available information on your organization, its employees, its IT systems, and more. This information is used to identify attack paths and craft payloads used for the attack.

  • Compromise and persistent foothold - We simulate the attack methods of the chosen threat actors using our custom-made payloads to compromise your systems, and obtain an initial persistent foothold within your network.

  • Internal Reconnaissance - Once on the internal network, we slowly (and under the radar) enumerate users, groups, rights, computers, and other types of objects and systems in your environment.

  • Post Exploitation - Using the information gathered on your infrastructure and environment, we attack users and systems to gain access to more systems and user accounts. When new access is obtained, we perform more reconnaissance and more post exploitation. These two steps continue until we achieve the pre-defined goals.

  • Data Exfiltration (or proof thereof) - When we obtain access to one of the goals, we either perform data exfiltration to show we obtained access to it, or if desired, we only document the possibility of exfiltrating it, ensuring sensitive data does not leave your network.

Our methodology is inspired by the penetration testing and assume-breach approaches and makes use of the MITRE ATT&CK framework, along with custom-developed Command and Control profiles.

 

 

Involvement

These tests require limited involvement from your team during the test. After the tests, several hours of involvement are to be expected for a debriefing workshop where we review the findings.

 


 
