How We Do It
RedSpy365 combines best-of-breed tools, threat data and certified experts to identify the risks that matter to your organization. It applies the same modern tactics, techniques and procedures that real attackers use in order to pinpoint the most likely attack paths. Trained analysts build automated bots and use advanced tooling to deliver actionable intelligence reports, so decision makers can direct defensive resources where they are needed.
Penetration testing is a cornerstone of many compliance regimes, including HIPAA, PCI DSS and SOX. As a common business prerequisite, it identifies risk, and the impact of that risk, for each organization. Traditional penetration testing takes a snapshot, or "point-in-time" look, at an environment's security posture. That is a good starting point, but a single test cannot keep pace with the changes that occur in an environment every day.
Routine technical changes that an organization makes on any given day can increase or decrease that risk, sometimes with devastating consequences. RedSpy365 can identify each newly exposed risk, sometimes within moments of the change. Few organizations could withstand a dedicated, nation-state backed cyberattack, but most would agree that their biggest worry is a temporary mistake, misconfiguration or technical failure that inadvertently leads to a breach, and from there to the front page of the local, or even national, news.
Identifying New Attack Paths
RedSpy365 analysts have caught temporary mistakes and misconfigurations that exposed data and systems, identified new attack paths that put sensitive internal data at risk via phishing, and responded to new vulnerability disclosures as they were reported in the news. They report status to the organization continuously, with the sole aim of making that organization more secure. Knowledge is power.
Once a new risk has been identified, RedSpy365 analysts determine its impact. An initial finding can look trivial, but in the hands of certified experts who can chain it with other weaknesses, what appears small may expose the organization's crown jewels. Armed with that information, the analysts help the organization understand the risk and decide what the next steps should be.
RedSpy365 can also go further, introducing advanced attacks using Red Team tactics, modern malware and threat simulations to surface complex risks that the organization can then begin to remediate. Whether through sophisticated phishing campaigns or current web application exploits, RedSpy365 exposes the dangers you actually face. What an organization does not know about, it cannot begin to fix.
RedSpy365 can run as a hands-off service with no client involvement, relying on RedSpy365 analysts to hunt continuously for risks and alert the client when one is found. More mature security departments often prefer knowledge transfer and work closely with the analysts to devise new threat simulations and Red Team actions.
Examples of RedSpy365 Workflow
New System Compromised - Example
The following illustration shows the steps in a typical discovery-to-compromise exercise. In this scenario a new system is noted as it comes online. Once discovered, an automated vulnerability scan is triggered. The completed scan results are parsed in the IRC channel, where a bot is triggered to compromise the system automatically. Post-exploitation actions can also run automatically, but at this point a pause is usually included to notify the client and confirm whether further exploitation is acceptable. A client that has given approval in advance can bypass this notification, allowing the bots to continue immediately after exploitation. At every stage of each event, notifications are sent to both the analyst and the client. Once complete, RedSpy365 analysts offer suggestions to address the issues found.
Phishing Malicious Payload - Example
The graphic below shows the process of a typical phishing campaign. In this scenario a fictitious email, designed to look legitimate but carrying a malicious payload, is sent to a user. When the user clicks the link in the email, the payload is delivered. This creates a trigger event which, once recorded, alerts both the analyst and the client. After the user downloads and executes the payload, a reverse shell is established from the victim's machine back to the RedSpy365 service. This creates the next trigger event, and again both client and analyst are alerted. At this point the analyst contacts the organization to confirm whether further testing is permitted. It is also important to learn whether the organization detected the compromise and, if not, to help it learn how to detect that attack vector. Post-exploitation can be automated if permission has been granted in advance. Once approved, lateral movement begins, and further exploitation and vulnerabilities are noted. RedSpy365 analysts then provide advice on preventing the same attack in future.
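Both workflows above rest on the same control: an automated pipeline that notifies analyst and client at every transition and halts at the post-exploitation boundary unless the client authorised continuation in advance. The Python sketch below is an added example, not RedSpy365's own code, and models that control for both the new-system and the phishing scenario. It also adds one check the page does not spell out, refusing to operate on any host outside the authorised scope, including a callback that arrives from an unauthorised address. The CIDRs, addresses, finding labels and state names are constructed assumptions, and the scanner is a stand-in that returns canned results.

```python
"""Engagement workflow with scope and approval gates.

Added example, not RedSpy365's own code. It models the two workflows described
on this page: a newly discovered host moving from discovery through scan and
exploitation, and a phishing payload that calls back with a reverse shell.
Every transition is recorded for both analyst and client, and post-exploitation
proceeds only for hosts inside the authorised scope and only when the client
pre-approved it; otherwise the run pauses until an explicit approval arrives.
Addresses, CIDRs, finding labels and state names are constructed assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List


def constructed_scan(host: str) -> List[str]:
    """Stand-in for the automated vulnerability scan; results are made up."""
    sample_results: Dict[str, List[str]] = {
        "10.0.5.20": ["default-credentials"],   # constructed finding label
        "10.0.5.21": [],                        # constructed clean host
    }
    return sample_results.get(host, [])


@dataclass
class RulesOfEngagement:
    in_scope: List[str]                    # CIDRs the client authorised in writing
    post_exploitation_preapproved: bool    # client chose to bypass the approval pause

    def allows(self, host: str) -> bool:
        addr = ip_address(host)
        return any(addr in ip_network(cidr) for cidr in self.in_scope)


@dataclass
class Engagement:
    roe: RulesOfEngagement
    scanner: Callable[[str], List[str]] = constructed_scan
    state: str = "idle"
    audit: List[str] = field(default_factory=list)  # one line per party per transition

    def transition(self, new_state: str, detail: str) -> str:
        """Move to new_state and notify analyst and client, as the page describes."""
        self.state = new_state
        for party in ("analyst", "client"):
            self.audit.append(f"{party}: {new_state}: {detail}")
        return self.state

    def gate_post_exploitation(self, host: str) -> str:
        """The pause point: continue only on written pre-approval, otherwise wait."""
        if self.roe.post_exploitation_preapproved:
            return self.transition("post_exploitation", f"{host} pre-approved, bots continue")
        return self.transition("paused", f"{host} awaiting client approval")

    def host_discovered(self, host: str) -> str:
        """New System Compromised workflow: discovery -> scan -> exploit -> gate."""
        if not self.roe.allows(host):
            return self.transition("refused", f"{host} is outside the authorised scope")
        self.transition("scanning", host)
        findings = self.scanner(host)
        self.transition("scanned", f"{host} findings={findings}")
        if not findings:
            return self.transition("closed", f"{host} nothing exploitable")
        self.transition("exploited", f"{host} via {findings[0]}")
        return self.gate_post_exploitation(host)

    def payload_callback(self, victim: str) -> str:
        """Phishing workflow: the reverse shell callback is itself the trigger event."""
        self.transition("callback", f"reverse shell from {victim}")
        if not self.roe.allows(victim):
            # a callback from an unauthorised address is torn down, never used
            return self.transition("refused", f"{victim} is outside the authorised scope")
        return self.gate_post_exploitation(victim)

    def approve(self, host: str) -> str:
        """Client approval received while paused; lateral movement may now begin."""
        if self.state != "paused":
            raise RuntimeError(f"nothing to approve in state {self.state!r}")
        return self.transition("post_exploitation", f"{host} client approved")


if __name__ == "__main__":
    roe = RulesOfEngagement(in_scope=["10.0.5.0/24"], post_exploitation_preapproved=False)
    run = Engagement(roe)
    print(run.host_discovered("10.0.5.20"))    # paused
    print(run.approve("10.0.5.20"))            # post_exploitation
    print(run.host_discovered("192.168.1.9"))  # refused
    for line in run.audit:
        print(line)
```

The audit list doubles as the notification stream: each transition produces one entry for the analyst and one for the client, so a reviewer can reconstruct exactly when the pipeline reached the approval boundary and who authorised crossing it.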