RED-TEAM PENETRATION TESTING
The ‘red team’ penetration test simulates real attack scenarios (“Friendly Hacking”) by bypassing security defenses while remaining unnoticed until a substantial holding of critical assets is gained. A ‘Red-Team’ penetration test encompasses several attack methodologies and areas of expertise, including network-level attacks, application-layer attacks, exploitation of known vulnerabilities in the software infrastructure (web servers, routers, operating systems, etc.) and social engineering techniques.
Some attack scenarios may include worm-like malware attacks to demonstrate these capabilities. The scope of a ‘Red-Team’ is not limited to a specific system or IP address; it covers the entire organization, the same way an external attacker would. Breaking the perimeter is only the first stage of a Red-Team exercise. Hunting down the ‘crown jewels’ inside your network while staying undetected is the challenging part. Moving laterally around the network helps organizations test their detection capabilities, security architecture, and security system configurations.
The results of a ‘Red-Team’ exercise are not just another list of vulnerabilities that needs to be addressed, but rather a wide and strategic view of the organization’s overall security posture, highlighting its weakest links. ‘Red-Team’ exercises demonstrate in a clear and strategic way the gaps in your organization’s security program and provide detailed strategies for improvement. Combining our Red Team activities with our Threat Intelligence capabilities provides our customers with unique value, from uncovering adversary motives and tactics, through to predicting likely attacks, weak spots, and vulnerabilities in systems, networks, and data centers.
OUR APPROACH
We help organizations prepare for a real-life attack scenario and improve prevention, detection and response time to advanced threats:
1. INFORMATION GATHERING
Every activity begins with an initial reconnaissance and threat analysis phase. At this preliminary stage, Komodo’s team uses its proprietary technologies and methodologies to collect information about the organization’s attack surface. After gathering the information, Komodo creates a map detailing the results and their analysis, i.e. a list of possible targets and attack vectors, likely attack scenarios, and possible “weakest links”.
2. CRACKING THE PERIMETER
Based on the generated threat map, Komodo’s team will continue by attempting to gain control (at the operating system level) of an internet-facing server/system in the client’s DMZ, by detecting and exploiting application- and infrastructure-level vulnerabilities.
3. PERSISTENCE, CONTROL & TROPHY HUNT
Once an initial foothold has been established at the operating system level, the team will demonstrate control over a system/server/workstation in the datacenter while continuing to install persistence mechanisms that allow continuous acquisition of resources in the network, in the same way an Advanced Persistent Threat (APT) would.