We are a team of IT professionals who have worked in the IT security field for many years. While we are currently focused on Red Teaming exercises, we also provide regular IT security services, such as:
During a penetration test we help our clients to assess the security of their website/mobile/desktop application or a segment of their network infrastructure (internal and/or external). We do this via automatic and manual tests by looking for publicly known and unknown (zero day) vulnerabilities. After the audit we provide a detailed report which lists identified issues, ways to verify them and potential remediation steps.
To help our clients with secure coding we offer our source code review services. During a source code review we look at the code purely from the security perspective and identify vulnerabilities in the source code. We are “polyglots” and understand a wide range of programming languages, such as Java, PHP, Python, .NET and Ruby, just to name a few. To avoid software vulnerabilities in the future we can also help you to implement a Secure Development Life Cycle (SDLC).
One of the most common causes of a data breach is human error. Through social engineering exercises we show how vulnerable the company’s staff is to attacks such as phishing (spoofed emails), vishing (impersonations over voice calls), smishing (malicious SMS messages), etc. We collect all user interactions related to our attempts to lure employees into a trap and provide an analysis of that data along with steps to reduce the mistakes caused by the human factor.
No IT system is inherently secure and no employee was born as an IT security focused human being. IT security is a process, and training is one of its components. We share our knowledge and skills through a variety of IT security related training courses, from generic IT security awareness to secure development or hacking. Let us know your IT security needs and we will check which training course is the most relevant to your company.
The term Red Teaming describes a set of activities aimed at assessing the target company’s capabilities to defend against a real cyber-attack. Usually such activities are performed in stages and can be summarized as follows:
During the first phase of a red teaming exercise we collect as much intel about our target as possible. The target’s IT infrastructure is scraped for technical details that allow us to understand the technologies used within the company. We analyze related social media accounts and collect content which could be used as a basis for the pretexts used in later stages. While most of the reconnaissance is done online, when possible we physically (non-intrusively) inspect the target company’s offices for useful information which is not available online.
Once we collect enough information about the target we try to gain an initial foothold by either conducting a social engineering attack, exploiting identified issues in the infrastructure or infiltrating the company’s buildings physically and deploying rogue devices onto the network. We try many vectors to identify as many entry strategies as possible to understand the weaknesses of the target’s infrastructure or organizational processes.
After we have compromised one or more devices on the target’s network we make sure we do not lose access to such devices, as that would prevent us from completing our final assignment and would require us to start over. Depending on the situation we try to deploy customized malware which allows us to reconnect to the infected device whenever we need to continue with our activities. When installation of persistence mechanisms is impossible we attempt to extract certain secrets, such as cached passwords, sensitive documentation, etc., which could help us to continue with the assignment.
It is rare that we hit the end goal (i.e. CEO’s laptop) with our initial compromise. Therefore, after we have gained and secured our initial foothold, we navigate through the target network to find the most important systems: those storing the most sensitive data related to, or responsible for, the most critical processes. Depending on the complexity of the network and implemented safeguards the lateral movement phase might take a while. During this phase we try to “borrow” network credentials and exploit internal systems which are outdated or configured improperly.
The final step of our red teaming exercises is an attempt to exfiltrate sensitive data out of the target’s network. To do so we select certain samples of documents or the items that were agreed upon with the client in advance. This way we illustrate the real impact of a cyber-attack which could be performed by a malicious actor. After this phase we also start the cleanup process to remove as many traces and artifacts as possible from the target infrastructure.
More detailed information on red teaming activities will be available soon. Stay tuned!
Got a question? Don’t hesitate and send us a message right away! We will respond as soon as possible. And until then – stay safe!