What We Do
What We Do
Challenging your defence with an alternative perspective
The purpose of red teaming is to better your blue team defence by providing a fresh perspective from an adversary to existing controls. Testing and measuring the effectiveness of the people, processes, and technologies of your organization.
Exercise the people, processes, and technologies
Vulnerabilities don’t just come from outdated technologies or loopholes from security processes or even a low sense of security among your people. It is a combination of all three of these pillars that adversary exploits to expose or attack your data.
Assume Breach
Fundamentally, if somebody wants to get in, they’re getting in… accept that. The next step is how do you detect and respond to these threats.
Client Results
Our Framework
Our Approach
At this phase, we shall choose the target, attack scenarios, objective, rule of engagement, and a white team. The white team comprises senior members of the organisation who will know the test, its secret, and who can stop the game if there is damage to the system.
Typically, a red team engagement begins by collecting organisational data through Open Source Intelligence (OSI) – Gathering info from publicly available resources, and Human Intelligence (HI) – Gathering info from individuals through direct interaction.
The exploits & implants are bundled into a deliverable payload, and delivered via the following means:
(i) Email-based phishing attack
(ii) Phone-based phishing attack
(iii) Bring Your Own Device (BYOD) as infection carriers. or
(iv) Non-malicious in nature; simply act as a flag, which will notify the red team that a user has opened an email with a specific attachment
By this stage, initial foothold should already have been obtained. During this stage: Common techniques used during this stage could include:
(i) Abusing weak permissions
(ii) Abusing trust relationship
(iii) Process manipulation
(iv) Credentials dumping
(v) Exploiting vulnerabilities
Execute the attack to capture the final flag. Final flag – the objective pre-agreed before the start of the assessment:
(i) Domain administrative access privilege
(ii) Local administrative access privilege of a certain system
(iii) Data exfiltration, which aims to examine the robustness of the organisation’s protective monitoring and egress protection measures; and how quickly unusual outbound traffic can be identified by the blue team; Common techniques include: Web filtering bypass & abusing lax removable media control
Results of the red team exercise will be documented in detail in our full report. Recommendation for remediation work is proposed in a structured and thorough manner. The blue team is informed of the test, and in some instances, compile its own blue team report.
This is not a re-test or verification test. It is more commonly delivered in a workshop model. Goal: To learn about the red/blue teaming experience.
Need a kickstart with cyber security?
Knowledge, experience, and resources are the cornerstones of defending your business from cybercrime. Since 2003 MXC has been fighting cyber-crime with hundreds of major corporations.
Contact US for more information