Security Advisory Services from BT: Assume breach

Overview

Our team of ethical hackers can verify whether your protection, detection, and response mechanisms are implemented properly. Then, we’ll work with you to discover and fix any vulnerabilities, in order to protect your business. In other words, we’ll pinpoint any issues before the cybercriminals do.

How it works:

• We gather information: We’ll work with you to establish an attack scenario that you’d like to test. Common scenarios we often work on are insider attacks, an end user being the victim of malware, a service or account being compromised, or a rogue device connecting on your network. Once all systems and accounts are in place, we’ll review the system configuration and user privileges. We’ll then interrogate the local system to identify installed software and configuration details, which may allow for escalation.

• We investigate: We’ll look at any special user access levels – like file permissions, shares, ability to run software, and other domain privileges. This will allow us to develop a plan of attack unique to each test. This phase may include processing passwords / password hashes, tokens, and other methods of authentication. Using the processed system as a staging ground, we’ll investigate the network associated with the device. This might include anything from sniffing, to spoofing attacks to try and get additional network and domain information for further attacks.

• We test: Next, we’ll attempt to escalate privileges using the data obtained from our examination of your system. We’ll use various techniques based on the operating systems targets and software installed. The goal of this phase is to access critical domain or system information, increasing the permission level of the attacker on the system and throughout the target’s network. This process may include running code as a user, rebooting a system or device, and altering local configurations during the attack process.

• We verify: We’ll attempt to move laterally through the network with credentials or other mechanisms of trust established during the previous phases. We then try to access other systems and network devices to expand the attack’s sphere of influence. We’ll repeat the examination phase for any system discovered until all systems are covered.

Deliverables

The results from this process will then be reviewed and collated into an ‘Assume breach’ report for you which will detail our findings against the selected scenario's from the following:

• Attack scenario one – Inside attack: We’ll act as a malicious employee working within your office. This could be at any user or rights level.
• Attack scenario two – Malware deployment: Simulates an end user somehow being the victim of malware – which can be ‘delivered’ during a physical penetration, phishing attack, or just by opening a ‘trojaned’ file from a memory stick.
• Attack scenario three – Compromised service: A service has been exploited on a system providing an attacker a foothold. A common example would be a compromised web or network service located on the network.
• Attack scenario four – Compromised account: A user’s account (username and password) has been exposed leading to ‘other’ potential attack avenues, including impersonation social engineering attacks.
• Attack scenario five – Rogue device: Someone has compromised your office and connected a rogue device on your network. This can be a wireless access point or a device which uses a SSL connection to give network access to an intruder via the internet.

*This service can include an assessment of the security posture within your AWS environment.