Red Team is known for performing penetration testing and other services, where the team explores possible weaknesses in your business’s cybersecurity. The simulation verifies the effectiveness of the implemented controls and is essential for the security maturity of the companies, making it possible to anticipate possible attacks and helping to obtain compliance with the main cybersecurity rules and laws.
Having a safe environment is not limited to using the best tools available on the market. In fact, it is possible (and likely) that vulnerabilities exist in your company’s organizational environment. Through the Red Team services, these problems are mapped and recommendations are made on how to solve these respective vulnerabilities, prioritizing the most critical ones.
Entendemos segurança como um meio, e não como um fim. Enxergamos segurança como um processo que precisa ser constantemente revisitado, em atualizações e mudanças recorrentes, e que está sempre se reinventando. Isso porque segurança precisa ser muito mais dinâmica e veloz nas mudanças para não ficar para trás dos cibercriminosos.
Neste mesmo contexto, conscientizamos profissionais acerca do tema segurança da informação, utilizando ações como:
To be really effective, the PROOF’s Red Team has highly qualified professionals, having discovered hundreds of flaws and vulnerabilities in the last pentests carried out for companies from the most diverse segments.
The PROOF’s Red Team uses the following steps to perform a pentest:
The scope definition is done with the objective of directing the tests to the most critical applications of the client, aiming to extract the best possible result for the project.
This step is one of the most critical, and consists of collecting as much information as possible about the target. This is done through the use of public tools, utilizing Open Source Intelligence (OSINT). The objective is to gather information about the target’s employees, technologies, branches, partners and environment. Through the analysis of the acquired data, it is possible to have a broader view of the target to define the attack vectors, based on the possibilities of exploitation.
Vulnerability enumeration starts the critical phase of the execution step. The consultant will interact with the infrastructure and services identified in the recognition step. Here, a more accurate identification of used software versions is made and a search for possible vulnerabilities is carried out, in addition to port scanning. At this stage, consultants also look at possible scenarios that could be used as a pretext for future social engineering attacks.
Achieving effective results involves target-specific planning, considering the information collected at the recognition and enumeration stages. This usually includes: creating tools for exploitation, dictionaries with keywords referring to the target’s business, password dictionaries to be used in brute force attacks, preparation of services that will be used during the exploitation and development of malwares.
In this step, the objective is to compromise servers, applications, networks, bypass defense controls, etc. It is also where targeted or mass social engineering attacks occur, whether in person, via email, phone, chat apps or SMS. The exploit step is the first step into the target’s network, where it allows preparation for the next phase of privilege escalation and malware installation. After escalating privileges and, to ensure that remote access to exploited systems is stable and reliable, consultants use tools such as custom backdoors, task scheduling, adding users and keys to records, among other techniques. This is done so that the consultants can obtain relevant results to the project.
With persistence established through access to accounts and computers, at this stage the team will achieve the goals agreed with the client. This happens through lateral movements throughout the customer’s digital environment. From compromised systems or accounts, evidence is captured in photos, videos and audios. Usually with the success of this step, the team extracts critical data and information from the customer, with the objective of highlighting the exploited vulnerabilities and recommending improvements.
Upon completion of the project testing phase, an analysis is carried out on the identified points, where the main security controls to be taken to assist in the correction of vulnerabilities are listed, based on the best security practices and methodologies of the market, also considering the many years of experience accumulated by PROOF. Points for improvement and mitigation based on good practices are raised, aiming to increase the customer’s maturity in cybersecurity.
If you answered “NO” to any of these questions, we can help.