REDTEAMING SERVICE

Purpose

  • Execute an attack on the entire organization’s IT infrastructure to achieve customer-specific objectives. The attack can use various methods, such as direct attacks on the server infrastructure, the organization’s applications, or member units, or even phishing attacks on users to hijack a device and, from there, go deep into the intranet system.
  • The RedTeaming service aims to evaluate the current defence capabilities of an organization’s IT system, identifying weaknesses that attackers can exploit to attack deep into the system. Another vital purpose of RedTeaming is to assess the ability of the organization’s security monitoring team to monitor and respond to cyberattacks.
  • Provide solutions to mitigate the risk of exploitation for identified vulnerabilities and weaknesses according to the attack flow.

Test list

Entire customer IT infrastructure

Implementation methods

The NCS Red Team will carry out an attack targeting the entire IT infrastructure of the customer according to a process consisting of the following steps:

  • External Reconnaissance: Researching the target of the attack. Targets include both systems and people. Information to be collected at this step includes:
    • Domains, IPs, services, and public web applications of the customer. This information is for future pentesting.
    • The client’s organizational model.
    • Personal information, such as email accounts and login accounts, may be leaked to the customer’s application. Access to at least one email account increases the likelihood that phishing emails to other email addresses will succeed.
  • Initial Compromise: Attempt to execute code snippets and system statements on one or more server/workstation systems. This can be achieved by exploiting security vulnerabilities on public systems that enable RCE (Remote command execution). In addition, if necessary, phishing attacks can be carried out on users to control an internal user’s computer.
  • Establish Foothold: Use tools/techniques to establish connection points/locations from which objects can be controlled (objects can be servers, user computers, etc.).
  • Privilege Escalation: Escalating privileges and attempting to obtain the highest privileges on the system.
  • Persistence: Ensuring continued control of the hijacked system.
  • Lateral Movement: Implementing attacks on other systems in a successfully compromised environment to capture other critical systems in the customer’s network.
  • Exfiltration: Capture screenshots of some information as evidence of the attack and successful access to sensitive data.

Outcomes

The results report includes the following contents:

  • Overview of purpose and scope of implementation
  • Summary of approach, method of implementation
  • Detailed results by stage of RedTeaming service implementation
  • Plan to overcome weaknesses and security vulnerabilities taken advantage of during the service implementation.
  • Recommendations to improve information security defence and monitoring

Human resources for project implementation

  • 5-7 senior-level personnel or more participate in each stage of RedTeaming described above. Implementation time depends on each specific case.
