RED TEAM – OFFENSIVE SECURITY FOR DEFENCE
The Red Team Services offers full-scope testing. The scope covers applications, internal and external networks, facilities, and employees. Red teamers usually attack without the knowledge of the employees. The Baseel Red teamers is a team of highly-skilled security engineers with years of experience in information security. Red teamers work like real-world attackers to simulate a real criminal attack on the organization’s infrastructure. Red Team Services helps your organization to understand existing security controls, implementations, and weaknesses.
Red Teaming
AIM : Test the organization's ability to protect key assets, such as executive email and client data, against a targeted attack.
APPROACH : Emulate a real-world targeted attack, doing whatever is necessary to accomplish the goal.
CLIENT PARTICIPATION : Respond to and mitigate a targeted attack.
RED TEAM METHODOLOGY
The Red Team relies on a systematic, repeatable, and reproducible methodology. We begin by establishing the following core information and rules of engagement, agreed upon in collaboration with the organization's leadership team:
RECON
In this phase, active and passive reconnaissance is performed to gather information about the organization and its infrastructure
IDENTIFYING CRITICAL INFRASTRUCTURE
Using the information from the reconnaissance, we identify and target the organization’s critical assets and IT infrastructure.
PEN TEST TO REVEAL VULNERABILITIES
In this phase, we try to identify further security weaknesses in the identified enterprise’s assets, such as web applications, network, devices, server, etc.
PHYSICAL SECURITY AND SOCIAL ENGINEERING
In this phase, we target the organization’s physical security, such as entry gates, door locks, and office boundaries. As a red team, we try to bypass physical security by performing social engineering and other targeted attacks and exploits to bypass the existing security system.
EXPLOITATION
The Red team prepares weaponized exploits for the identified vulnerabilities and gaps in security, exploits the target, and gains access to the assets.
INITIAL COMPROMISE
Once the assets are compromised, a backdoor is set up for further exploitation and information gathering.
INTERNAL RECON
In this phase, after successfully compromising one service, the Red team performs an internal recon to identify vulnerabilities in the internal servers.
ESTABLISHING THE PERSISTENCE BACKDOOR
In this phase, to analyze the gathered data and collect further intelligence from the enterprise network, Red team members implement the backdoor.
COMPLETE THE MISSION
Once the system backdoors with full access, we prepare a detailed report, including the executive and technical information, and conclude the Red Team assessment.
Baseel accredited with certifications such as CERT-in and ISO 27001. CERT-in enables to certify the security audits for Government, the BFSI customers. Baseel provides testing and reporting to support application security compliance against PCI, HIPAA, SOC type 1 and type 2 and other regulatory requirements.Baseel can customise scanning reporting templates to support internal standards and other regulatory requirements.
ATTACK LIFECYCLE
SecureLayer7 accredited with certifications such as CERT-in and ISO 27001. CERT-in enables to certify the security audits for Government, the BFSI customers. SecureLayer7 provides testing and reporting to support application security compliance against PCI, HIPAA, SOC type 1 and type 2 and other regulatory requirements. SecureLayer7 can customise scanning reporting templates to support internal standards and other regulatory requirements.
RED TEAM ASSESSMENT PHASES
The Red Team service is customized dynamically as per the client’s requirement. Generally, the Red Team assessment is composed of the following phases:
Phase 1: Information gathering Information gathering is an essential part of the methodology. In this phase, the Read Team gathers information about facilities, employees, and IT infrastructure. The collected information consists of potential weak points and how they could be used for further exploitation of facilities and cyber defence.
Phase 2: Finding of flaws in processes The Red Team uncovers any security flaws in the security process, such as gates, data centers, restricted areas security, or the management area of office facilities. If much of the organization uses the RFID or fingerprint to access the restricted area of the facilities, the Red Team will clone the RFID with an RFID card cloner device. Then, it will connect to the internal network infrastructure to access the internal application or hosts. After a successful connection, the Red Team will perform a network enumeration to identify potential vulnerabilities in the applications.
Phase 3: Backdooring and exploitation In this phase, the Red Team focuses on backdooring the data center, network, and server. If the applications, infrastructure, and system are vulnerable, our red teamer will exploit it. Spear phishing successful attacks provides red teamers with confidential information about the organization and also helps the red teamer gather restricted information. The red teamer finds wireless devices vulnerabilities and exploits the wireless devices using discovered vulnerabilities.
Phase 4: Documentation, Findings and Recommendations At the end of testing, a report is generated that is detailed with the vulnerabilities found within the system that could compromise the organization’s critical assets. Along with that, the remediation and mitigation steps are described for the conventional and not-so-conventional vulnerabilities, respectively. This draft is presented to your team in your presence for understanding and verification purposes. This final draft will mention all the prescribed enhancements.