The Red Team focuses on vulnerability assessments, social engineering and physical security. Penetration tests, extended social engineering campaigns (such as "spear phishing") and Red Team simulations are carried out on a regular basis. A realistic threat model is created using specifically developed attack scenarios in order to uncover vulnerabilities and thus create transparency in our customers' IT environments.
RED Team Deepdive
Modules
Supply chain security monitoring
The Darknet is continuously searched for sensitive company data and supplier information.
- Continuous monitoring for new mentions on the Darknet
- Searching the darknet for company-specific data
- Possibility to react quickly to potential attacks and defend against them
OSINT - Darknet Snapshot
Open Source Intelligence, one-time collection, investigation and analysis of freely available information about the company and evaluation for further attack scenarios.
- Critical information
- Searching the darknet for company-specific data
- Search for internal company documents
External audit
Simulates an attacker from the Internet.
- Checking the IT infrastructure accessible via the Internet (e.g.: mail, FTP and VPN servers, web applications)
- Without social engineering
Application Audit
Cloud/web/mobile/client check
- Security of the application logic and possibly the underlying server/OS infrastructure
- Audit in accordance with relevant standards and norms (e.g.: OWASP API Security Top 10, OWASP Top 10, OWASP Mobile Security)
- Incl. source code analysis as required
Social engineering
Checking the IT security awareness of employees
On site:
- Physical intrusion (overcoming the perimeter)
- Searching the internal area for further information
- Actively influencing employees
- USB dropping
Remote:
- Simulation of wide-ranging and targeted phishing campaigns
- Vishing/smishing attacks
Awareness training
Training on the identification and correct handling of realistic attack methods
- Concrete threats explained in a practical way
- Practical procedures
Internal audit
Simulates an attacker who could gain access to the internal network.
- Checking the internal network (Active Directory, file shares, applications,...)
OT Audit
Review of network compartmentalization, company-wide with a focus on access to the production environment
- Evaluation of the security of the production environment based on relevant standards and norms
- Audit of SCADA and control technology networks (OT)
- Review of access control/remote maintenance
Audit vs. red teaming
RED teaming
IN, THROUGH, OUT
// we transform for the better
Based on TIBER-EU (European Framework for Threat Intelligence-Based Ethical Red-Teaming)
- Only the targets to be achieved are defined
- The attacker is free to decide when and how to try to achieve them
Red Team - Breaching
IN
Simulation of an attacker without restrictions trying to gain access to the internal network
- Verification of the complete external perimeter (systems, personnel, ...)
- Coverage of various realistic attack scenarios
Red Team - Assumed Breach
TROUGH, OUT
Simulation of an unrestricted attacker attempting to spread through the internal network to achieve specific goals
- Checking the internal attack vector including the defense mechanisms and IT security processes
- Coverage of various realistic attack scenarios
Test -Your -SOC
TROUGH, OUT
Checking how far an attacker can penetrate the company without being detected by the Security Operations Center (SOC)
- Tests are divided into different phases in order to recognize the reaction time of the SOC
Purple Teaming
TROUGH, OUT
In collaboration with the SOC team, defined targets are worked towards in order to simulate various attacks
- Indicators of Compromises (IoCs) are generated for the SOC team through the replay workshop
- The IoCs can be used to establish rules so that attacks can be detected more quickly in future
Clear & understandable
We understand that reports are an essential part of our service delivery. Our reports are therefore essentially divided into two sections: the "executive summary" for management and the "detailed findings" for the technical team. Of course, we not only provide you with the findings themselves, but also an assessment of the weakness and a recommendation on how you can rectify it.
Qualified test center within the meaning of the NISG
Fulfillment of necessary requirements, which are also validated accordingly by the BMI
- Experienced auditors
- Security-cleared auditors within the meaning of the Security Police Act (§ 55a para. 2 SPG)
- Taking own security precautions (e.g. ISO27001 certification)
- Use of suitable hacker tools
- Application of a suitable testing process
- Appointment by decision
- Companies with a head office and registered office in Austria