ADVERSARY SERVICES

Penetration Testing

The goal of a penetration test is to exploit vulnerabilities in your environment and reveal to your organization the possibility of how an intrusion might occur. Because cyberattacks happen frequently, it is vital for an organization to pinpoint precisely its security gaps prior to an incident. Our penetration testing services leverage an Adversary Emulation methodology to identify and measure risks associated with the exploitation of the client’s attack surface. This emulation identifies attack paths by exploiting identified vulnerabilities and simulating real-world cyberattacks. These tests, all of which include technical recommendations to mitigate detected risks, can follow three pathways, depending on the client’s organizational needs.

Learn More

External Adversary

This test simulates attacks from an internal perspective on the local network and is designed to find out how many different machines, critical systems, and data are vulnerable to a breach.

Internal Adversary

This test assesses your external security controls by simulating attacks from the public internet in order to identify vulnerabilities that allow access to your internal environment.

Physical Adversary

This test attempts to identify and exploit areas of weakness related to the organization’s physical environment.

Red Team Engagement

The team leverages an Adversary Simulation methodology to understand the security operations of the client organization. This simulation of sophisticated threat actors determines how the client’s people, processes, and controls respond to a real-world attack, and is comprised of modern tactics, techniques, and procedures of threats to the client environment. Our team builds attack scenarios according to common stages of a compromise per the MITRE framework in an effort to gain access to a system by any means necessary. SpearTip will report on all successful and unsuccessful attempts, providing client organizations insight into both the strengths and gaps within their cyber security program.

Learn More

Stage 1 - Reconnaissance and OSINT

• Social Media
• Password Dumps
• Dark/Deep Web
• Social Engineering Data Collection

Stage 2 - Compromise Perimeter

• Network Probing
• Service Enumeration
• Remote Access Solutions Discovery
• IT Vendor Enumeration

Stage 3 - Establishing a Foothold

• Phishing Emails
• Custom Malware Deployment
• Credential Testing and Usage of VPN/Remote access

Stage 4 - Privilege Elevation and Lateral Movement

• Disabling of Security Tools
• Password and Hash Dumping
• Establishing Internal Targets
• Moving to Target System

Stage 5 - Crown Jewels

• Gain Access to Sensitive Systems
• Identify Target Data
(HR Files, Trade Secrets, PII, PCI, Email, etc.)
• Pool Data

Stage 6 - Exfiltration

• Circumvent Outbound Network Filter
• Test Sending of Outbound Data

Stage 7 - Cleaning Up

• Removal of Malware
• Clearing of Log Files

Stage 8 - Long Term Persistence

• Establish “Legitimate” Backdoor
• Creation of Dedicated User Accounts

Project Workflow

Phase 1 | Reconnaissance

SpearTip scans systems and networks related to your environment and examines for publicly available data to identify vulnerable systems or other potential targets.

Phase 2 | Exploitation

SpearTip leverages data discovered during the reconnaissance phase and, with client approval, attempts to exploit vulnerable services. Where relevant, SpearTip’s assessors also attempt to access the internal network leveraging an exploit or move laterally within the environment.

Phase 3 | Validation

SpearTip examines the technical data and validates all findings. This ensures that false positive findings are filtered out of the final reports. The analysis includes the discovery of compensating security controls that could affect the criticality rating of a discovered vulnerability.

Phase 4 | Deliverables

Finalized deliverables are presented to and reviewed with the client.

Phase 5 | Feedback

The client provides feedback and asks questions about the deliverables and findings of the engagement.

Phase 6 | Rescan

After the client has an opportunity to resolve relevant vulnerabilities and provide engagement feedback, SpearTip rescans the environment to provide evidence that discovered vulnerabilities have been remediated.