SCENARIO-BASED ASSESSMENT

Red Teaming / Purple Teaming

How well prepared are you and your security departments (SIEM, SOC, Blue Team) against real hacker attacks? Are you able to recognize and fend off real hacker attacks? Which Tactics, Techniques and Procedures (TTPs) of the MITRE ATT&CK Matrix are you already aware of?

Scope of the pentest

In this security analysis, our experts examine your resilience to realistic hacker attacks. To do so, we attempt to compromise your organization as a whole, using the well-known methods of Advanced Persistent Threats (APTs), i.e. their TTPs, together with a command-and-control (C2) infrastructure.

Exemplary test objects:

Social engineering and phishing

Our experts use social engineering or phishing to gain initial access to the internal company network.

Privilege Escalation

Our experts conduct attacks aimed at escalating privileges, with the objective of acquiring administrative access to endpoint devices.

Lateral Movement

Our experts analyze your corporate network to compromise critical IT assets and data.

In 2020, several large companies such as Twitter, Amazon and Shopify were victims of insider attacks. ¹

66%: more than two thirds of all companies state that they are vulnerable to attacks from within. ¹

An average attack by an insider is discovered after 77 days. ²


Our approach

During a Red Teaming Assessment, our IT experts thoroughly examine your entire corporate structure for potential entry points. The objective of the tests is to assess your resilience against real-world APT attacks. Furthermore, we provide you with helpful recommendations for hardening IT systems as well as for the detection and prevention of attacks.

In an initial coordination meeting, we define the objective of the Red Teaming Assessment and discuss the scope of the audit and the IT systems it includes. The content of a Red Teaming Assessment varies from company to company and is mostly based on your company's current security status. A Red Teaming Assessment can be carried out from various attacker perspectives. One example is an external attacker without access to your internal network, who must first achieve a so-called "initial foothold" using various attack methods. This is usually achieved through social engineering, phishing or the compromise of one of your IT systems exposed on the Internet.

Alternatively, the "Assumed Breach" perspective is often chosen. This approach simulates a scenario in which an attacker already has access to an endpoint device within your internal IT infrastructure, and examines what could happen if an initial attack, for instance through social engineering or phishing, has succeeded. Starting from the attacker's low-privileged position within the network, our goal is to compromise your company's key IT systems and data. In a collaborative meeting, we define which systems are targeted and the criteria under which the Red Teaming Assessment is deemed successful and concluded. A Red Teaming Assessment typically includes the complete compromise of your MS Active Directory environment as a domain administrator. Security solutions such as EDR/XDR remain active, and the SIEM/SOC team is not necessarily informed about the test in advance.

Upon completion, you will receive a detailed final report including a list of recommended actions. In this report, we explain how a compromise of your company was possible from an attacker’s perspective and which steps you need to take to address the exploited vulnerabilities and misconfigurations.

Purple Teaming

If your company has already carried out several Red Teaming Assessments and can recognize and block many of the MITRE ATT&CK Matrix TTPs, we would be happy to carry out a so-called Purple Teaming Assessment. In the process, we maintain close communication with your Blue Teams and SOC/SIEM experts while realistic APT attacks are carried out.

Together, we identify existing gaps in the detection and prevention of known TTPs and assist you in enhancing your resilience in the shortest possible time.


Red or Purple Teaming Assessments are generally only available to companies that already carry out regular penetration tests and security checks.

It is therefore assumed that technical measures have already been implemented to detect, analyze, and counteract active attacks. This is typically carried out by internal security departments such as a Blue Team, SIEM, or SOC. In addition, there are tested procedures and processes at the organizational level. If these measures are not yet in place within your company, we recommend starting with regular penetration tests.

The following requirements apply to your company:
  • Penetration tests already carried out and regularly scheduled
  • Existence of an IT security team (Blue Team, SOC, SIEM etc.)
  • Existence of EDR/XDR/MDR solutions
  • Centralized logging, alerting and ad hoc response capability (SOC/SIEM)

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and certified with several recognized hacking certificates.