Security Services

Intelligence-led Penetration Testing and Red Teaming Services

Companies are more and more aware about the threats derived by possible cyber-attacks which are evolving rapidly in sophistication, stealth, and complexity. For this reason, small, medium and large organizations are deploying defensive layers, mechanisms and solutions to prevent cyber threats from occurring: firewalls, IDS, IPS, and other systems compose the defense line against malicious operations. To these technical devices, we can add the human layer - the so-called “blue team” - that configures, maintains and operates on this infrastructure. There is one problem though: this defense works with different interaction and processes, that in some cases, are extremely complex and is mainly tested only when a harmful and stressful incident occurs.

How can we be sure your defenses work properly? And how can you know if your internal security team and security operations center (SOC) is really prepared to detect and respond to a targeted attack?

Our Intelligence-led Penetration Testing and Red Teaming assessment is the practice of attacking a problem from an adversarial point of view and follows different approach from a typical security assessment. It relies heavily on well-defined tactics, techniques, and procedures (TTPs), which are of utmost importance to successfully emulates realistic threat or adversary.

Our services rely on highly skilled security professionals, senior penetration testers, and ethical hackers from different backgrounds and various skills with extensive experience, in both defense and offense, combining unique mindsets for the same goal: YOUR SECURITY.

Hacker vs. Blue Team

Our Threat Intel-Based Red Teaming Methodology

At wizlynx group, our Red Teaming and Intelligence-led Penetration Testing services are delivered by following the five below stages highly inspired from frameworks like Intelligence-led Cyber Attack Simulation Testing (iCAST), and CBEST Intelligence-Led Testing:
Preparation
Threat Intelligence & Attack Planning
Attack Execution
Result Analysis & Reporting
Lessons-Learned Workshop

Preparation

The rationale for red teaming is to be defined during this phase. There is a need before engaging in any activity to assess the customer’s current needs and the scope of the actions that will be undertaken. This is the phase during which limitations such as the duration, the legal boundaries and prohibited actions have to be determined. This can be compiled under the form of a “rules of engagement” document


Threat Intelligence & Attack Planning

Once the scope has been agreed, testing can commence with the attack preparation phase introducing Threat Intelligence. Threat-intelligence based scenarios mimicking real-life cyber adversaries are essential to the success of testing activities and are the output of the generic threat landscape and targeted threat intelligence.

Multiple attack scenarios are created by using the generated Threat Intelligence to determine the most probable steps that real world cyber attackers would use to compromise the target customer and critical functions along with the MITRE ATT&CK framework.

wizlynx group Red Team Attack Planning

Attack Execution
wizlynx group uses a simple execution concept which is constituted of three main phases to complete an engagement.

Get In
First of all, our red team must have access to their targets and therefore need to gain access to the network.
Stay In
Then, our red team must establish persistency to survive the duration of the engagement.
Act
Finally, the red team performs actions (also known as operational impacts) agreed together with the customer during the preparation phase. Operational impacts are actions designed to demonstrate a weakness.

Each phase is broken down in sub-phases representing the attack execution workflow as shown below:

wizlynx group Red Team Service Methodology

Reconnaissance

This phase includes a passive and active reconnaissance to gather information about the target organization and employees, as well as identify underlying components such as operating systems, running services, software versions, etc.

Exploitation

During the Exploitation phase, we will attempt to break in or compromise information assets previously discovered and phish target employees with social engineering techniques by email, phone, fax or SMS.

Post-Exploitation

Deployment of a persistent backdoor in the victim environment to maintain access for an extended period. Move between, and gain access to various systems within an environment. Establishment of a command channel (command & control).

Action on Objectives

Consists in completing the objectives set by the customer. Examples of objectives could be:
  • Collection of user credentials
  • Access sensitive customer records
  • Acquire full domain control
  • Assess client defenses against insider threat

Result Analysis & Reporting

The report will include a comprehensive and meaningful C-level summary of the executed Intelligence-led Penetration Testing and Red Teaming assessment which will include security strengths, comprehensive analysis of organizational capability, with recommendations for remediation and enhancements.

The detailed report will also include the actual scenario-based attack as it played out, listing the attack elements (with respective evidence) that were critical to the success of the attack, such as the weaknesses discovered that enabled the Red Team to progress to the next stage.

Finally, a complete logbook of all actions performed by the Red Team will be provided to the customer containing timestamps, source & destination IP addresses, tools, command, description, output, result, etc.

wizlynx group Red Team Operations and Threat Emulation Services Report

Lessons Learned Workshop

Although Intel-led Penetration Testing and Red Teaming is offensively focused, it is ultimately used as a tool to improve security & Blue Team. A workshop with all necessary party’s representatives is organized to discuss the red teaming engagement and findings.

The workshop has for main objective to go through all actions performed by the red team. For actions undetected by blue team, the goal is to understand why detection mechanism and procedures failed, in order to take out lessons learned and improvement actions. 

Red Team Targets - Processes - People - Technology

Our Latest Intel-led Penetration Testing and Red Teaming Engagements

Asset Management Firm

Breach-Assumed Red Teaming engagement composed of two scenarios. The first scenario consisted in emulating an authenticated attacker with physical access to the customer’s office premise such as a staff employed by cleaning company. The second scenario consisted in mimicking an attack, as a low-privileged domain user with access to the customer’s network.

Given the two scenarios, the objective was to identify if an attacker could penetrate our customer’s defenses and gain unauthorized access to organization’s Domain Controller within the given timeframe.


Water & Energy Provider

Red Team Operations and Threat Emulation Services following a Breach-Assumed scenario of a water, gas, and electricity provider which consisted in emulating an internal threat of a user having access to network sockets. The main objective was to identify if sensitive information can be discovered and exfiltrated as well as if the ICS/OT network can be accessed by the attacker.


IT Service Provider

Intelligence-Led Penetration Testing & Red Teaming composed of the Get-In, Stay-In and Act phase against the infrastructure and employees of an IT Service Provider. The Red Teaming engagement’s Get-In phase included both vulnerability identification and exploitation as a mean to break into the customer’s network but also advanced spear-phishing attacks against key employees. The main objective defined during the engagement was to access and exfiltrate sensitive data and assess the customer security operations center’s capability to detect our attacks.

Our Security & Red Teaming Certifications

wizlynx's security consultants and penetration testers hold the most recognised certifications in cyber security and penetration testing industry such as: SANS/GIAC GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!

Penetration Test | Offensive Security Certified Professional | OSCP
Penetration Test | GIAC Certified Penetration Tester | GPEN
Information Security | GIAC Expert Researcher and Advanced Penetration Tester | GXPN
Penetration Test | CREST Certified Penetration Tester | CREST
Penetration Test | GIAC Web App Pen Tester | GWAPT
Penetration Test | GIAC Mobile Device Security Analyst | GMOB
Penetration Test | Offensive Security Certified Expert | OSCE
Top