Red Team Security Engagements – Simulated Attack Assessments
More often than not, a high majority of security testing focuses on one or individual aspects of an organisation’s security. Siloed and isolated projects do and will provide a view of any security shortcomings and potential vulnerabilities. However, having knowledge of an organisations full aggregated security posture provides ‘real life’ results in the event of an attack.
This type of assessment is designed to reflect that of an attacker that has targeted your organisation. By utilising up-to-date hacker techniques and practices, RootShell Security will ethically work with the organisation to determine the length, depth and type of simulated attack, either from the perspective of a well-funded attacker group, disgruntled employee or threat intelligence lead assessment.
A simulated attack assessment is meticulously planned, scoped and managed by CREST Certified Simulated Attack Managers. The idea is to harness and aggregate all the defences of an organisation, to fully stress test the whole business within the remits of any agreed scope. This type of assessment can be run over an extended period of time, or tailored to your organisation’s requirements and encompass all of the individual assessment types. Working closely with the Cyber Kill Chain (by Lockhead Martin), RootShell Security work through the following areas of the kill chain:
- Reconnaissance: RootShell Security will attempt to identify vulnerabilities with the target. This could be via OSINT, social engineering, internet digital footprinting or standoff physical inspections of the target buildings;
- Weaponisation: RootShell Security attempts to weaponise the method, i.e. remote access malware potentially tailored to one or more vulnerabilities;
- Delivery: RootShell Security delivers the weapon to target, this could be via e-mail attachments, or USB drives or via physical intrusion and implant;
- Exploitation: The payload is triggered or physically deployed, exploiting the
- Installation: Remote access or a ‘backdoor’ could be created;
- Command and Control: Remote access control to the target is created and maintained;
- Actions on Objective: RootShell Security then carries out the objects of the test, which could be exfiltration of data, persistent ‘backdoor’ to monitor the organisation, capture a trophy or flag, predetermined by the organisation.
Electing to participate and be the target of a simulated attack provides massive returns to the organisation, such as but not limited to:
- Testing security procedures and practises
- Reviewing the bigger picture of the organisation security posture rather that projects in isolation
- Providing evidence of what policies and procedures failed or indeed protected the organisation during the attack lifecycle
- Tests any incident response and ‘actions upon’ in the case of any detection of the attack
- A detailed report and management presentation including remediation workshops.