
IS YOUR ORGANISATION PREPARED FOR A REAL CYBER ATTACK?


Red Teaming is a term that originated in the military world. In a Red Team scenario, the Red Team thinks and acts as an attacker, which makes the detection of vulnerabilities possible in either an offensive method or a defensive strategy. This technique can be adapted well to applications outside of the military realm, and has therefore found its way into IT security.

Entities such as criminals, malicious employees, industrial spies or foreign powers might be interested in your organisation’s valuable information or financial assets. Digital attacks to acquire these assets are increasingly being used instead of traditional physical acts of forced entry. Digital attacks are easier, cheaper, and lower risk for attackers.

Madison Gurkha has years of experience in conducting Red Teaming tests. We have learned to think like malicious entities, and can simulate a realistic attack by using a combination of attack methods, such as social engineering (exploiting human weaknesses), advanced malware and penetration testing. These attacks will expose many, if not all, weaknesses in your organisation’s human, procedural, technical and physical security.

Approach

In a Red Teaming attack, Madison Gurkha employs an approach based on a standard that was jointly developed by us and the financial sector. This approach includes the following phases:

Scoping & Initiation

The first step is to jointly establish the scope of the attack, as well as the main company assets that should be the target of the attack. In this phase, we also agree on the rules of engagement that the Red Team must abide by.

Threat Intelligence

In this second phase, we develop realistic scenarios that are most likely to allow us to reach the main company assets. Depending on the agreed scenarios, we collect information about the organisation, employees, procedures, physical locations and IT assets in use. It is also possible for the client to partially provide this information.

Red Teaming/Execution

By leveraging the previously gathered information, Madison Gurkha executes the attacks to acquire the main company assets. During the attack phase, we employ different techniques, such as social engineering, to gain access to a building or an employee’s computer, advanced malware (Advanced Persistent Threats) and penetration testing. Information that is acquired in this phase can also be used to design new scenarios that might bring the Red Team closer to the organisation’s main company assets.

To what extent is your organisation prepared for realistic attacks? There is only one way to find out: by conducting a Red Teaming test.

Your Security is Our Business

Blue Team evaluation

If desired, Madison Gurkha is able to pay special attention to the evaluation of the Blue Team. In such a scenario it would consider questions such as: did your system and network administrators or Security Operations Center (SOC) notice the attack? Did our attack leave any traces? How could your defense and detection system be improved? What is the state of your ‘forensic readiness’? How did the team respond to alerts and incidents? If the attack went unnoticed, this scenario is very useful to test incident response (planning) at a later date.

Reporting

At this phase, we submit our findings in a written report, as well as in a presentation with all the involved parties, including our client’s White and Blue Team. Reporting takes place regularly throughout the process where necessary and, if required, on a daily basis.

References

Madison Gurkha has worked in information security for over 15 years, including in fields where IT security is crucial, such as:

  • vital infrastructure
  • healthcare
  • finance
  • government

In these sectors, Madison Gurkha has successfully executed many small and large Red Teaming attacks.

If you would like to know more about our services, please get in touch for a no-obligation discussion: [email protected], +31 40 237 79 90, www.madison-gurkha.com

“Madison Gurkha conducted a very large Red Teaming investigation for us. We were impressed by their approach and by what they managed to achieve in a very short time period. Their investigation exposed unknown weaknesses, which we obviously remedied as quickly as possible.”

Security officer, government ministry