Red Team Service
Most organizations take action to secure their applications and networks by conducting penetration tests as part of their security policy, but these tests may give them only a partial overview of their readiness for a real-world attack by a group of hackers. The reason is that penetration tests are most of the time limited in scope and resources, and therefore present only the impact against a certain application or system.
Comsec’s red team provides its clients with realistic cyber-attacks against people (if needed), processes, and technologies. Throughout the course of this exercise, the Red Team carries out controlled cyber-attacks against the client’s corporate network. The aim is to test the entire ecosystem and see how one security solution reacts to another, and when, as the goal is to breach the perimeter, gain control over predefined marks and exfiltrate them if needed.
What is Red Team Service?
The team attempts to breach the organization’s perimeter to demonstrate how vulnerabilities in the organization’s infrastructure, applications and processes, as well as a lack of awareness among its employees or incomplete/inactive policies, could allow its assets to be compromised.
The team’s mission is focused on achieving these three main goals:
– Breach the Perimeter – Attack from outside of the organization’s facilities, getting inside.
– Lateral Network Movement – Attack from within the organization’s network and try to move laterally over the network to reach headquarters with elevated network rights.
– Capture The Flag – Establishing access rights into servers, preferably with Domain Administrator rights.
Attack levels
The research and exercises are conducted on the basis of a predetermined attack profile. There are four defined attack levels at which research and execution can take place with different resources. Each level has its own limitations and attack techniques:
- An attacker who wants only anonymity and the cheapest possible access, and attempts to access systems using open source software. The attacker will be looking for standard vulnerabilities that can be exploited quickly on many servers at once.
- A novice hacker where a limited budget is available to gain access to the networks of the party under consideration. The attacker will focus more on a specific target and has a focused goal.
- A professional hacker who works alone, but has the professional resources and knowledge to deploy his own exploits against the organization. Specific attacks, such as the use of properly written exploits or social engineering attacks, are used to achieve the goal.
- The hacker-for-hire. Multiple hackers are hired by an organization and try to breach the external perimeter. The greater the value of the hack, the more resources are used during the attack.
Common Simulations:
– Information gathering against the organization
– Information leakage from the organization’s corporate network
– Awareness simulations for employees
– Incident response simulations for the organization’s security team
– Test for patch management & Security controls configuration