Red Team/Intelligence-Led Penetration Testing

Based upon our CREST certified penetration testing service, Commissum is able to offer a bespoke Red Teaming or Intelligence-Led Penetration Testing Service.

What is Intelligence-Led Penetration Testing?

As organisations continue to leverage the advantages of interconnected, always-on technologies to remain agile and competitive, so do the attackers that seek to compromise businesses’ critical data for financial, ideological or political aims. As a result, the threat landscape is a constantly-changing environment in which adversaries modify and revise their tools and tactics on a regular basis, and organisations find themselves trying to keep pace with the latest threats.

Recognising the need for organisations to keep abreast of threats specific to their business, Commissum offers a broad range of security testing services, including bespoke red team or intelligence-led penetration testing, to enable organisations to better understand their risk profile; ensuring there is a specific focus on current risks that may exist in their business landscape. By using the same information sources, tactics and techniques as employed by likely attackers, the output of the test will more clearly indicate the resilience of the organisation to genuine attacks.

How Do We Do It?

The concept of red teaming or threat intelligence penetration testing is to undertake more realistic and specific threat based assessments of an organisation, typically over a longer period of time. The approach typically involves simulation of a more sophisticated attack that could include a range of attack vectors, including social engineering, phishing/spear phishing, malware deployment, traditional penetration, war dialling, exfiltration of data, and others.

Engagements are planned and executed together with the client making use of either the client’s threat based intelligence or that provided by independent third parties. In addition, Commissum is able to conduct specific intelligence gathering for an assignment if neither of these sources is available to the client.

The key is to plan, execute and evaluate using scenarios that test more than technology defences; the evaluation of detection and incident response being key.

Typical engagements may include, depending on the scope agreed with the client:
• Initial planning with the client
• Intelligence gathering and collating client, third party and Commissum intelligence inputs
• Risk assessment – an essential element of ensuring that the realism of the testing does not interrupt business operations unduly, and assessing the appetite for potential consequential risk
• Agreement of measurement criteria for the internal detection and response processes and assessment of the maturity of the organisation’s ability to deal with sophisticated attacks
• Agreement of “fast-forward” criteria where for time efficiency phases may be curtailed to maintain momentum
• Phased execution with agreed review points
• Internal escalation of malware deployment/penetration
• Data exfiltration
• Wash-up meetings held as agreed during the testing, and typically a workshop session at the end following delivery of the report.

We have personnel experienced in delivering such services across a range of sectors; they have the skills and knowledge required to undertake the intellectually demanding and sometimes technically difficult tasks required, within time constraints while minimising any actual risk to client systems.

Intelligence Feed

Typically we will make use of independent client acquired intelligence data or third party intelligence data as agreed with the client. Where this is not available or the client prefers, we are able to offer an additional intelligence gathering service to inform and guide the testing.

Our approach when we provide this service to the client is based on open source research carried out to determine the public footprint of the organisation, and to uncover any leakage of information that attackers could leverage in a targeted attack. Common sources of information include DNS zone files, WHOIS entries, social networks and industry forums. The information gleaned may be technical in nature, revealing details that can be used when attacking the systems and infrastructure of the organisation to be tested, or could be details that aid a social engineering attack.

In addition, information pertaining to the general threat landscape in terms of active malicious campaigns, bad actors and groups will be filtered to understand how these pieces of data pertain to the specific organisation. Membership of information-sharing organisations and special interest groups is utilised to harness threat information that is sector-specific, and organisation-specific. Any threat information that is available to the client will also be used to plan and focus the testing.

What Is It Not?

We do not look for evidence that information has already been stolen by malicious parties. For example, we are not looking to find copies of confidential designs or business plans available outside of the organisation. Instead, it is a check to determine what information a potential attacker can gather prior to attacking the organisation, and information about specific threats that may exist. This is utilised in conjunction with current techniques to create a more specialised and bespoke testing scenario.

Discover how our intelligence-led penetration testing can help you increase your security.