ETHICAL HACKING

Red Team Assessment

Test yourself with Red Team Assessment
and get ready to face any digital threat

>_ What to expect

Red Team Assessment is an advanced simulation of cyberattacks conducted by a security group external to your organization.

This evaluation uses the tactics of hackers, state and military actors to test the effectiveness of your security measures in a safe and controlled manner. You gain a realistic view of your defenses and weaknesses.

A Red Team Assessment activity builds upon the principles of a penetration test and takes them to the next level. The fundamental difference lies in the approach, which involves multiple and continuous attack vectors and provides an opportunity for the company to assess its ability to confront, detect, and counter technologically advanced and innovative threats used in the real world by well-known "threat actors."

The extended duration of the Red Team Assessment service allows for increased realism in the simulation, enabling the utilization of opportunistic scenarios and the implementation of sophisticated, precise, and customized attack techniques tailored to the client's corporate reality, thereby maintaining a high and sustained level of motivation for the company's defense personnel.

KICKOFF
Scope

Definition of systems under examination and rules of engagement.
Preparation and signing of the indemnity document.

OSINT
Passive Enumeration

Enumeration of employees, metadata, internet domains, compromised credentials, tenant or 365.

INTERNET
External Perimeter

Active analysis of internet domains, password-based attacks.
Network scans and search for known and unknown vulnerabilities on exposed services.

DEFINING VECTORS
Planning

Attack vectors, phishing, vishing, smishing, and physical access to premises.

INTRANET
Internal Network

Enumeration of systems, Active Directory, configurations, and vulnerabilities.
Privilege escalation-oriented attacks on the local forest.

CLOUD
AzureAD

Exploring attack paths and attempts to escalate to the highest Global Admin privileges.

REPORT
Results Presentation

Executive and technical report with analysis and details on the reproducibility of identified criticalities, classified with CWE and CVSS references.