What We Do

Challenging your defence with an alternative perspective


The purpose of red teaming is to improve your blue team defence by giving your existing controls a fresh perspective from an adversary's point of view, testing and measuring the effectiveness of the people, processes, and technologies of your organisation.

Exercise the people, processes, and technologies


Vulnerabilities don't come only from out-dated technologies, loopholes in security processes, or low security awareness among your people. It is the combination of all three of these pillars that an adversary exploits to expose or attack your data.

Assume Breach


Fundamentally, if somebody wants to get in, they're getting in… accept that. The next step is deciding how you detect and respond to these threats.

Our Framework


Identify

Identify ways an adversary could breach your defences

Protect

Detect

Detect and respond to your next attack

Response

Exercise your people, processes, and technologies before your next attack

Recover

Red Team

Our Approach


At this phase, we choose the target, attack scenarios, objectives, rules of engagement, and a white team. The white team comprises senior members of the organisation who know about the test, keep it confidential, and can stop the exercise if there is damage to a system.

Typically, a red team engagement begins by collecting organisational data through Open Source Intelligence (OSI), gathering information from publicly available resources, and Human Intelligence (HI), gathering information from individuals through direct interaction.

The exploits and implants are bundled into a deliverable payload and delivered by one of the following means:
(i) Email-based phishing attack
(ii) Phone-based phishing attack
(iii) Bring Your Own Device (BYOD) as an infection carrier; or
(iv) A non-malicious payload that simply acts as a flag, notifying the red team that a user has opened an email with a specific attachment

By this stage, an initial foothold should already have been obtained. Common techniques used during this stage include:
(i) Abusing weak permissions
(ii) Abusing trust relationships
(iii) Process manipulation
(iv) Credential dumping
(v) Exploiting vulnerabilities

Execute the attack to capture the final flag, the objective pre-agreed before the start of the assessment:
(i) Domain administrative access privilege
(ii) Local administrative access privilege on a specified system
(iii) Data exfiltration, which examines the robustness of the organisation's protective monitoring and egress protection measures, and how quickly unusual outbound traffic can be identified by the blue team. Common techniques include web filtering bypass and abusing lax removable media controls.

Results of the red team exercise are documented in detail in our full report, and recommendations for remediation work are proposed in a structured and thorough manner. The blue team is informed of the test and, in some instances, compiles its own blue team report.

This is not a re-test or verification test. It is more commonly delivered as a workshop. Goal: to learn from the red/blue teaming experience.