RED-TEAM PENETRATION TESTING

The ‘red team’ penetration test simulates real attack scenarios (“Friendly Hacking”) by bypassing security defenses while remaining unnoticed until a substantial holding of critical assets is gained.

 

A ‘Red-Team’ penetration test encompasses several attack methodologies and expertise, these include network-level attacks, application layer attacks, exploiting known vulnerabilities in software infrastructure (web servers, routers, operation systems, etc.) and social engineering techniques.

Some attack scenarios may include worm-like malware attacks to demonstrate these capabilities.

The scope of a ‘Red-Team’ is not limited to a specific system or IP address, it covers the entire organization the same way an external attacker would. Breaking the perimeter is only the first stage of a ‘Red-Team’ exercise. Hunting down ‘crown jewels’ inside your network while staying undetectable is the challenging part. Moving laterally around the network help organizations to test their detection capabilities, security architecture, and security systems configurations.

The results of a ‘Red-Team’ exercise are just another list of vulnerabilities that needs to be addressed but rather a wide and strategic view of the organization overall security posture, highlighting it’s weakest links.

‘Red-Team’ exercises demonstrate in a clear and strategic way the gaps in your organization’s security program and provide detailed strategies for improvement.

Combining our the Red Team activities with our Threat Intelligence capabilities provides our customers with a unique value, from uncovering adversary motives and tactics, through to predicting likely attacks, weak spots, and vulnerabilities in systems, networks, and data-centers.

OUR APPROACH

We help organizations prepare to a real-life attack scenario and to improve prevention, detection and response time to advanced threats :

SERVICES

INFORMATION GATHERING

Every activity begins with an initial Reconnaissance and Threat analysis phases. At this preliminary stage, Komodo’s team utilizes its proprietary technologies and methodologies to  collect information about the organization’s attack surface. After gathering the information, Komodo continues to create a map detailing the results and their analysis, i.e. a list of possible targets and attack vectors, likely attack scenarios, and possible “weakest links”.

CRACKING THE PERIMETER

Based on the generated threat map, Komodo’s team will continue to try and gain control (operating system level) of an internet facing server/system in the client’s DMZ, by detecting and exploiting application/infrastructure level vulnerabilities.

PERSISTENCE, CONTROL

& TROPHY HUNT

 

Once an initial foothold has been established on the operating system level. The team will demonstrate control over a system/server/workstation in the datacenter while continuing to install persistence mechanisms that allow continuous acquisition of resources in the network in the same way an Advanced Persistent Threat (APT) would. 

Secure Your Web Applications, APIs & Mobile Apps 

with Advanced Black Box Penetration Testing Services

FOR MORE INFORMATION

A security red-team is a test that aims to assess the security level of an organization, identify main weaknesses in its security posture

Komodo and our cyber intelligence researchers, offer clients a turnkey solution that comprises real-time threat alerts, deep and full analysis, and expert advice to assist them in handling and mitigating threats.

Penetration Testing

TALK TO OUR REPRESENTATIVE

TO LEARN MORE

USA: +1 917 5085546 

UK: +44 20 37694351

ISR: +972 9 955 5565

Komodo Consulting - Penetration Testing Company
  • Komodo Consulting Penetration security services Company on Twitter
  • Komodo Consulting Pentest Testing Company on LinkedIn
  • Komodo Consulting Penetration security testing service provider on Facebook

Copyright © Komodo Consulting