Security Services

Red Team Operations and Threat Emulation Services

Companies are increasingly aware of the threats posed by cyber-attacks, which are evolving rapidly in sophistication, stealth, and complexity. For this reason, small, medium and large organizations are deploying defensive layers, mechanisms and solutions to prevent cyber threats from succeeding: firewalls, IDS, IPS, and other systems make up the defense line against malicious operations. To these technical devices we can add the human layer, the so-called “blue team”, that configures, maintains and operates this infrastructure. There is one problem though: this defense relies on a number of interactions and processes that are, in some cases, extremely complex, and it is mainly tested only when a harmful and stressful incident occurs.

How can you be sure your defenses work properly? And how can you know whether your internal security team and security operations center (SOC) are really prepared to detect and respond to a targeted attack?

Our red team assessment is the practice of attacking a problem from an adversarial point of view and follows a different approach from a typical security assessment. It relies heavily on well-defined tactics, techniques, and procedures (TTPs), which are of utmost importance to successfully emulate a realistic threat or adversary.

Our services rely on highly skilled security professionals, senior penetration testers, and ethical hackers from different backgrounds, with a variety of skills and extensive experience in both defense and offense, combining unique mindsets for the same goal: YOUR SECURITY.

Hacker vs. Blue Team

Our Red Teaming Methodology

At wizlynx group, our red team operations and threat emulation services are delivered by following the four stages below:

Preparation

The rationale for red teaming is defined during this phase. Before engaging in any activity, the customer’s current needs and the scope of the actions to be undertaken must be assessed. This is also the phase during which limitations such as the duration, the legal boundaries and prohibited actions are determined. These are compiled in the form of a “rules of engagement” document.


Execution
wizlynx group uses a simple execution concept consisting of three main phases to complete an engagement.

Get In
First of all, our red team must reach its targets and therefore needs to gain access to the network.
Stay In
Then, our red team must establish persistence to survive for the duration of the engagement.
Act
Finally, the red team performs actions (also known as operational impacts) agreed with the customer during the preparation phase. Operational impacts are actions designed to demonstrate a weakness.

Each phase is broken down into sub-phases representing the attack execution workflow, as shown below:

wizlynx group Red Team Service Methodology

Reconnaissance

This phase includes passive and active reconnaissance to gather information about the target organization and its employees, as well as to identify underlying components such as operating systems, running services, software versions, etc. The following is a non-exhaustive list of items that will be examined to allow us to craft our attack in an informed fashion, raising our probability of success:
  • Targeted threat intelligence analysis
  • Open domain search
  • DNS investigation
  • Public information search (search engines, social networks, newsgroups, etc.)
  • Open Source Intelligence (OSINT)
  • Port scanning, OS fingerprinting, and version scanning
  • Network enumeration

Exploitation

This phase consists of attempting to break into or compromise the information assets previously discovered, and of phishing target employees with social engineering techniques by email, phone, fax or SMS.

Post-Exploitation

Deployment of a persistent backdoor or implant in the victim environment to maintain access for an extended period; movement between, and gaining access to, various systems within the environment; and establishment of a command channel (command & control) enabling our red team to remotely manipulate the victim. This is where we ensure that remote access to exploited systems is stable for post-exploitation tasks.

Action on Objectives

This phase consists of completing the objectives set by the customer. Examples of objectives include:
  • Collection of user credentials
  • Privilege escalation
  • Internal reconnaissance
  • Lateral movement through the environment
  • Collection of sensitive information and exfiltration

Analysis & Reporting

All findings will be documented in a final report and then compared with a strengths/weaknesses profile against international standards for IT & cyber security. The identified weaknesses will be assessed, supplemented with recommendations and remediation actions, and prioritized according to the associated risk.

The final report will be discussed with you during a presentation. It will include a comprehensive and meaningful C-level summary of the executed red teaming exercise. Additionally, it will include all detailed results with the respective evidence and recommendations for future security measures.

wizlynx group Red Team Operations and Threat Emulation Services Report

Lessons Learned Workshop

Although red teaming is offensively focused, it is ultimately a tool to improve security. A workshop with representatives of all necessary parties is organized to discuss the red teaming engagement and its findings.

The main objective of the workshop is to go through all actions performed by the red team. For actions not detected by the blue team, the goal is to understand why detection mechanisms and procedures failed, in order to derive lessons learned and improvement actions.

Red Team Targets - Processes - People - Technology

Our Security & Red Teaming Certifications

wizlynx's security consultants and penetration testers hold the most recognised certifications in the cyber security and penetration testing industry, such as SANS/GIAC GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!
