Red Siege is an information security company focusing on real world threats to you and your organization.
We enumerate your systems and services to identify vulnerabilities that put your organization at risk. Our goals are not technical wins but goals focused around you, your data, and your processes. This is not a commodity penetration test; instead, it is customized for your organization. We report on the issues that pose an actual risk to your organization.
Assumed Breach Assessment
A small compromise can have significant consequences. We start as a low privileged user and move through the network in an attempt to access the data that matters to you. This assessment simulates that of a compromised internal host/user, or a rogue trusted insider. Assumed Breach more closely resembles the current threats than the traditional penetration test.
Red Team & Adversary Emmulation
A goal-based assessment where we attack just like a real-world adversary. This includes external attacks and targeted phishing to demonstrate the real risk to your data. We test your defenders (people) as well as the defenses (technology). Detection and response is a critical aspect of a well-rounded defense.
Ransomware Readiness Assessment
We use a blended approach to analyze organizational ability to defend against a ransomware attack. This test identifies gaps in perimeter defenses that may allow attackers to gain access to the organization and your data. Our testers identify assets that can be reached and modified by ransomware. After establishing a foothold on an internal host, Red Siege assesses an attacker’s ability to execute payloads on and exfiltrate data from a protected endpoint system modelling the tactics, techniques, and procedures (TTPs) of real threat actors.
Web Application Penetration Testing
An in-depth analysis of your web application and APIs to find security issues related to programming errors, misconfigurations, and application architectural issues. We will perform automated and manual runtime analysis of your application to identify more than just a scanner. Our testing includes custom test cases to fuzz your application and find the faults before the bad guys do.
Mobile Application Assessment
We look at your mobile application and the associated infrastructure to find configuration weaknesses, server-side issues, insecure authentication and access control, and other issues related to the latest attacks on mobile applications.
This engagement is designed to test and train the Blue Team. We can work with or without an in-house Red Team. We’ll work with your defenders to document and measure detection and response capabilities.
What We Do
What data if lost, stolen, or compromised would have the greatest impact on your organization? This is always our very first question. We focus on your unique needs instead of just “winning” the penetration test.
Find Out What’s Next
Stay in the loop with our upcoming events.