Test your security posture
Whether it’s ensuring the money you’ve spent on cyber security delivers the desired results—or validating your current security team’s ability to identify and withstand an attack—information is always the key to success.
Educate yourself. Constantly.
The rule for any organization is to make sure you are always informed about your security posture. The best way to test your security capabilities is through a comprehensive Red Team Assessment that simulates a real-world attack on your organization. Most importantly, partner with highly trained experts who can address hardware, software, cloud infrastructure, and human vulnerabilities.
Welcome to Your Red Team Assessment
This isn’t your average penetration test.
These goal-oriented exercises will target specific systems using the same methods as Advanced Persistent Threat (APT) groups. If your organization is ready to test the maturity of your security program, we can provide the advanced technical, physical, and social-engineering attack capabilities required.
Our Red Team Assessments start with a fully bespoke roadmap, ensuring that we address your highly unique requirements. The steps we take include:
PHASE ONE:
Open Source Intelligence (OSINT)
We gather Open Source Intelligence from web locations including the open web, deep web and dark web. This web data is then analyzed to find information that can be leveraged during an attack.
PHASE TWO:
Phishing, Social Engineering & Internal System Mapping
We target individuals and business units with one of three campaigns.
- Phishing: Customized and targeted phishing emails to lure targets to click links and obtain credentials, browsers, and system data.
- Social Engineering: The deployment of security researchers to on-site, in-scope targeted locations— and placing a focus on social engineering techniques— to plant discrete devices and obtain a foothold within the network.
- Internal System Mapping: Upon establishing stable persistence on the target networks, Cycura begins mapping internal systems.
PHASE THREE:
Pivoting
With the targeted internal networks mapped, our team pivots across systems to gain a further foothold and identify your in-scope hosted data. If web applications are in-scope for the Red Team Assessment, external attacks are performed against the target URLs to determine the presence of any vulnerabilities. It's at this stage that we begin data exfiltration—exfiltrating your sensitive data that pertains to your in-scope objectives, including product data, client data, organizational data, and more.
PHASE FOUR:
Analysis & Reporting
Once we have analyzed all data garnered from the first three phases, we generate a comprehensive final report that details the overall security posture of your infrastructure and applications.