Assumed Breach - RedOps

Preparation for Internal Attacks

In IT security, we all agree that there is no such thing as 100% protection against cyber attacks. In the Assumed Breach scenario, we assume that a malicious attacker has already gained access to your internal network. Compromised trusted internal connections (Trusted Relationship or Valid Accounts) are one possible scenario. Another example is the classic internal scenario.

In the assumed breach scenario, we answer key questions about your IT security: How far can an (internal) attacker get into your network in the post-breach phase? Is it possible for an unauthorised user to access sensitive customer data and extract it via various channels? Are there any vulnerabilities or misconfigurations in Microsoft Active Directory (AD) that could lead to a compromise of your Active Directory? Are your internal defenders aware of unauthorised activity on the network and how quickly do they respond? What is your network and endpoint visibility like?

Are there vulnerabilities or misconfigurations in Microsoft Active Directory (AD) that will eventually lead to your Active Directory being compromised? Are your internal defenders aware of unauthorised activity on the network and how quickly are they responding? What is your network and endpoint visibility?

How I Proceed in the Assumed Breach Scenario

Planning | Scoping

The first step is to work with our clients to define a possible scenario for the assumed breach - this could be an internal scenario, for example. We then define possible targets - this could be the compromise of the CEO or his endpoint, the compromise of specific user accounts (e.g. system administrators) or the takeover of the Microsoft Active Directory. Ideally, as few employees as possible should be involved (white team), as this will give you a truly realistic and undistorted picture of the actual state of your current IT security and IT defence level.
Methodology | Implementation

Depending on the defined scenario, we may start as an unprivileged user on one of your Windows clients in your domain. We start with an internal discovery and get a first overview of your internal infrastructure, possible vulnerabilities, misconfigurations in Active Directory, etc. Building on this, we will attempt to achieve the defined objective in the post-breach phase. As with a red team operation, we take a strategic, considered and discreet approach to APTs.
Report | Further Development

The final report provides your organisation with critical insight into the possible attack vectors and vulnerabilities that led to compromise or goal achievement. In addition, your organisation will gain valuable information on whether the attack was noticed by IT, if so, what actions were recorded and where, what the visibility was on the network, at the endpoint, etc.

Why Assumed Breach at RedOps?

The Assumed Breach scenario follows the same process as the Red Team engagement, except that the initial access phase is omitted. With our expertise in defence evasion, we put your organisation and your defenders to the test.

RedOps takes a holistic and realistic approach. At the end of the day, you get an unbiased picture of the current state of your defenders and your technical IT security.

Responsibility and Integrity

Anyone who uses Offensive Security Services and deliberately exposes themselves to an ethical hacker attack should do so with a partner they can trust. We keep all information strictly confidential and have 100% integrity in everything we do.
Research Orientation

IT security is not a product, it is a continuous learning process. That's why we invest a lot of time in education and research. We have had the opportunity to present our findings on endpoint security at several IT security conferences.
Quality Instead of Quantity

With Red Team Services, we have turned our passion into our core competency. We do not sell products or licences, but live from our expertise in IT security. For us, quality comes before quantity.

Making sense of IT:Security

Red Teaming

A Red Team engagement gives us the opportunity to conduct a real cyber attack on your organisation. We identify the external attack surface, develop possible attack scenarios, conduct an extensive tactical intelligence gathering phase and attempt to gain initial access to the organisation's network. Through red teaming, we put your entire organisation to the test.

Penetration Test

Penetration testing focuses on the technical analysis of a specific area, environment, system, etc. As friendly hackers from the neighbourhood, we help your organisation find as many vulnerabilities as possible within the defined scope and booked time. The final pentest report forms the basis for a subsequent effective hardening process of your IT infrastructure.