Through our Red Team services, also known as Adversary Simulation, we go far beyond traditional testing. To put your existing security infrastructure to a real test against a specific, complex and advanced threat, our Red Team will emulate the threat that concerns you and act just like it, whether it is an Advanced Persistent Threat (APT), a ransomware gang, or a rogue employee.
Benefits of Red Team services
Adversary Simulation services provide by far the most realistic scenario you can use to test the efficiency and strength of your organization’s security layers, such as endpoint protection technologies (AV, EDR, XDR…), the Security Operations Center (SOC), Incident Responders and so on.
Through these services, we will help your organization enhance its overall security posture and, most importantly, prepare the security team for advanced cyber threats. This service is crucial in security-mature corporations: after making significant investments in detection and response infrastructure, the only other way to test the defenses in place would be to wait for a real attack to happen. In that scenario, any security issue already present could lead to a disaster.
Some of the benefits of Red Team services are the following:
- Detection of the organization’s cross-cutting security weaknesses.
- Improvement of monitoring systems and teams.
- Correction of flaws in the detection process as well as in event analysis.
- Improvement and strengthening of incident response plans.
- Training of the security team to respond to real incidents.
Red Team Scenarios
Corporations are constantly exposed to all kinds of threat actors that pose several risks to them. Our Red Team simulates the adversaries that concern you to test whether your organization’s security infrastructure is ready to confront them.
Instead of searching for vulnerabilities all across your organization (that’s the Pentest’s goal), we will have a specific target for the engagement. It can be whatever the emulated threat would actually go after, for example a certain sensitive database, Domain Admin privileges to install ransomware, or access to a particular subnet.
APT Simulation
An advanced persistent threat (APT) is a sophisticated cyberattack where an intruder remains undetected in a network to steal sensitive data over an extended period.
- State-Sponsored hacking group
- Financially Motivated
- Cyber-Terrorists
- Rogue Employees (Insiders)
- Competitors
Ransomware
We will simulate a ransomware attack against your organization, usually by achieving high-level privileges in your network and later installing a fake but visually scary ransomware.
- WannaCry, CryptoLocker style ransom screens
- Assessing Social Engineering effectiveness against your company’s employees
- Helping to raise awareness and identify security / Incident Response gaps
Other Threats
We will tailor our Red Team service to the specific threats your organization is concerned about. The aforementioned examples are the most common, but any other threat profile desired can be simulated by our security experts.
- Fully customized and tailored threat profile to be simulated.
- Their tools, tactics, techniques and procedures will all be employed as well.
Custom Malware and Tools
Threat actors are diverse and their tradecraft has many variations. While some will leverage common open-source tools or legitimate RMM software in a malicious way, others will deploy highly evasive malware that will slip by most anti-virus technologies.
Through Iglenson Security’s Red Team services, we can develop custom and original Offensive Security Tooling (essentially malware used for good) to be deployed for your specific assessment. Malware droppers, initial access killchains and C2 agents can all be designed from scratch for your organization’s engagement, ensuring that the threat we are simulating is unlike anything seen before, which is particularly challenging for the defensive team.
These custom tools are designed and proven to be evasive against major EDR and antivirus vendors, so it will be up to your company’s defensive team to hunt our Red Team Operators in your networks through telemetry and other traces.