Services

We enumerate your systems and services to identify vulnerabilities that put your organization at risk. Our goals are not technical wins but goals focused around you, your data, and your processes. This is not a commodity penetration test; instead, it is customized for your organization. We report on the issues that pose an actual risk to your organization.

A small compromise can have significant consequences. We start as a low privileged user and move through the network in an attempt to access the data that matters to you. This assessment simulates that of a compromised internal host/user, or a rogue trusted insider. Assumed Breach more closely resembles the current threats than the traditional penetration test.

A goal-based assessment where we attack just like a real-world adversary. This includes external attacks and targeted phishing to demonstrate the real risk to your data. We test your defenders (people) as well as the defenses (technology). Detection and response is a critical aspect of a well-rounded defense.

We use a blended approach to analyze organizational ability to defend against a ransomware attack. This test identifies gaps in perimeter defenses that may allow attackers to gain access to the organization and your data. Our testers identify assets that can be reached and modified by ransomware. After establishing a foothold on an internal host, Red Siege assesses an attacker’s ability to execute payloads on and exfiltrate data from a protected endpoint system modelling the tactics, techniques, and procedures (TTPs) of real threat actors.

An in-depth analysis of your web application and APIs to find security issues related to programming errors, misconfigurations, and application architectural issues. We will perform automated and manual runtime analysis of your application to identify more than just a scanner. Our testing includes custom test cases to fuzz your application and find the faults before the bad guys do.

We look at your mobile application and the associated infrastructure to find configuration weaknesses, server-side issues, insecure authentication and access control, and other issues related to the latest attacks on mobile applications.

This engagement is designed to test and train the Blue Team. We can work with or without an in-house Red Team. We’ll work with your defenders to document and measure detection and response capabilities.