Red-Team Penetration Testing
The ‘red team’ penetration test simulates real attack scenarios (“Friendly Hacking”) by bypassing security defenses while remaining unnoticed until a substantial hold on critical assets is gained.
A ‘Red-Team’ penetration test encompasses several attack methodologies and areas of expertise. These include network-level attacks, application-layer attacks, exploiting known vulnerabilities in software infrastructure (web servers, routers, operating systems etc.) and social engineering techniques.
Some attack scenarios may include worm-like malware attacks to demonstrate these capabilities.
The scope of a ‘Red-Team’ is not limited to a specific system or IP address; it covers the entire organization the same way an external attacker would. Breaking the perimeter is only the first stage of a ‘Red-Team’ exercise. Hunting down ‘crown jewels’ inside your network while staying undetected is the challenging part. Moving laterally around the network helps organizations test their detection capabilities, security architecture and security system configurations.
The results of a ‘Red-Team’ exercise are not just another list of vulnerabilities that need to be addressed but rather a wide and strategic view of the organization’s overall security posture, highlighting its weakest links.
‘Red-Team’ exercises demonstrate in a clear and strategic way the gaps in your organization’s security program, and provide detailed strategies for improvement.
Combining our Red Team activities with our Threat Intelligence capabilities provides our customers with unique value, from uncovering adversary motives and tactics through to predicting likely attacks, weak spots and vulnerabilities in systems, networks and data centers.
We help organizations prepare for a real-life attack scenario and improve prevention, detection and response time to advanced threats:
Every activity begins with initial Reconnaissance and Threat Analysis phases.
At this preliminary stage, Komodo’s team utilizes the CYSNIFF platform in order to automatically and methodically collect information about the organization’s attack surface. After gathering the information, Komodo goes on to create a map detailing the results and their analysis, i.e. a list of possible targets and attack vectors, likely attack scenarios, and possible “weakest links”.
CRACKING THE PERIMETER
Based on the generated threat map, Komodo’s team will then try to gain control (at the operating system level) of an internet-facing server/system in the client’s DMZ, by detecting and exploiting application/infrastructure-level vulnerabilities.
Social Engineering techniques may be used to exploit the trust of an employee. Such techniques may include ‘Spear Phishing’, tailor-made malware distribution, referral to malicious websites and so forth.
PERSISTENCE, CONTROL & TROPHY HUNT
Once an initial foothold has been established at the operating system level, the team will demonstrate control over a system/server/workstation in the datacenter while continuing to install persistence mechanisms that allow continuous acquisition of resources in the network in the same way an Advanced Persistent Threat (APT) would.