Red Teaming: Targeted Attacks to Test the Security of Your Company

Simulating APT – Improving Resistance

The threat posed by targeted attacks on companies and institutions continues to rise. In a targeted attack against your company's network, we simulate an Advanced Persistent Threat (APT) and put your IT security measures to the test. Apart from the name of the company, the red team is given no information whatsoever, i.e. it carries out its attacks from an external perspective in the form of a black box test.

The three most essential aspects of the company's security are assessed:

  • System security
  • Processes
  • Awareness and know-how of employees

A red teaming test can be compared to a firefighting exercise. The red team deliberately lights a fire, and you can check whether your emergency response works as intended and whether you can put the fire out.

Lessons Learned

Red teaming provides different insights for the different departments in a company. The following questions are answered by a red teaming assessment:

  • CSIR: Do we recognize targeted attacks, and can we defend against them?
  • Business management: Is it possible for an attacker to take over the company's IT in x days?
  • Compliance/internal audit: Are the necessary processes in place, and are they adhered to?
  • Training officer: Are further awareness measures necessary?

Are you interested in Red Teaming?

Steffen Stepper
steffen.stepper(at)syss.de
redteam(at)syss.de
+49 (0)7071 - 40 78 56-6157
PGP Key

Project Scope

Red team projects are carried out over several months and usually involve the following project phases:

  • Kickoff
  • Analysis of publicly accessible data [optional]
  • Information gathering [optional]
  • Persistence in the company network [optional]
  • Social engineering [optional]
  • Compromising of systems and services
  • Privilege escalation
  • Achieving defined objectives
  • Willful triggering of protective systems and processes [optional]
  • Exfiltration of data [optional]
  • Access to the backup [optional]
  • Clearing the advanced persistent threat simulation [optional]
  • Documentation

If the individual phases do not fit your requirements profile, we will be happy to develop a suitably tailored service offer as part of a joint workshop.

Red Teaming Start Points

False Sense of Security

It is often assumed that no threat exists as long as the outermost layer, e.g. a company's VPN access, is secure. This is generally a mistaken assumption. On the one hand, attackers can always exploit as yet unknown vulnerabilities in the applications a company uses, so-called "zero-day threats". On the other hand, an employee with malicious intentions can easily bypass this first protection layer because they already have legitimate access to the internal systems.
For these reasons, it is important to assess different threat scenarios and always to implement a "defense-in-depth" strategy, i.e. a multilayered system of security measures.

To reflect the threat situation of your company realistically, different scenarios are modeled. At one end is a fully comprehensive black box approach with a simulated external actor who has no knowledge of the internal structures and systems. At the other end is a reduced scope that assumes an employee account has already been compromised, a device has been stolen, or even that the employee is a malicious actor who wants to harm the company. This is known as the internal actor scenario.

External Actors

The external actor scenario asks the question: "What damage can an attacker do with no knowledge of the company?" Typically, attempts are made to penetrate the company network not only via the internet, but also by other routes, such as physical assessments and social engineering measures. In cases where the red team does not breach the network successfully, it can be useful to agree on "leg-ups" with the designated contact person. For example, the contact person could place a minicomputer in the network to provide network access.

Project scope

From 40 person days up

Prerequisites for the external actor scenario

Confirmation by the customer that it is the owner of the individual systems identified in the reconnaissance (RECON) phase

Characteristics

  • Overview of possible attack vectors
  • Little preliminary work necessary, lower minimum quantity of persons involved
  • Greater minimum project scope than for the internal actor scenario

Lessons learned

From an external actor scenario, you can expect the following results:

  • Attack capabilities from the internet
  • Overview of building security
  • Security in the internal network
  • Gaps in logging
  • Response of the blue team

Internal Actors

The internal actor scenario asks the question: "What damage can negligent employees, or even employees with malicious intentions, cause to the company?" Possible examples would be a stolen device that is switched on or that holds login details, blackmailing of employees with ATPs, or anger with the company.

Project scope

From 20 person days up

Prerequisites for the internal actor scenario

  • Valid login details
  • Client device [optional]
  • VPN access [optional]
  • Knowledge of internal structures and processes [optional]

Characteristics

  • Smaller minimum project scope than for the external actor scenario
  • Faster breaching of sensitive areas and, consequently, faster results
  • No conclusion drawn on the first layer of protective measures

Lessons learned

From an internal actor scenario, you can expect the following results:

  • Security in the internal network
  • Gaps in logging
  • Response of the blue team

Other Scenarios

Red teaming assessments are freely customizable projects. Does your company have other requirements, or do you have a specific attack path in mind? We will gladly take your organizational circumstances and requests into consideration and design a tailor-made solution for your company as part of a workshop.


Red Teaming Without Social Engineering

A red teaming assessment usually includes social engineering attack vectors. However, these can prove difficult to implement in individual cases due to internal policies and organizational culture. For this reason, it is also possible to conduct a purely technical red teaming assessment without social engineering.

DO NOT HESITATE TO GET IN TOUCH: +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE HOURS CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number