Our security controls assessment focuses on identifying gaps and misconfiguration in security controls that may increase the risk from a network-based attack of a compromised system or user.

Testing covers a broad range of scenarios, ranging from unauthenticated and on the network to performing an assumed breached exercises. Testing will look to gauge the effectiveness of your processes and security controls in preventing such attacks, with the following example highlighting Tactics, Techniques and Procedures (TTPs) activities that may be carried out during an attack phase.

Project Phases

1. Initial Scope Call.
2. Pre-Engagement Workshop with Stakeholders
3. Execute scenarios: Attack Phase
4. Perform configuration reviews
5. Collaboration with in-house teams on remediation
6. Report Delivery
7. Debrief Workshop with Stakeholders

As part of the attack phase, we collaborate with the relevant teams in your business to help inform, and enhance your security posture and response, with next steps to review your technical processes and configurations in-place to provide recommendations on implementing secure configurations and address gaps in your security.

The following is an example of activities that may be carried out from an assumed breach scenario:

• Enumeration and discovery activities
• Retrieval of data from shares and resources
• Egress beaconing
• Password attacks
• Introduce malevolent payloads and tooling
• Elevate privileges and execute arbitrary code
• Exfiltration of data

Our consultants are dedicated to helping you secure your systems and protect your business against security threats. Start Making It Secure and reach out today to learn more about our services and how we can assist you in improving your security controls.