Real-life assessments to evaluate prevention, detection, and response capabilities
If you measure the success of security operations by efficiency metrics alone, you fail to answer an important question that all security managers must answer: How well are people and controls preventing, detecting, and responding to cyber threats?
Scenario-based testing, conducted by Penteor's experienced team of consultants, can help verify the true effectiveness of your organization's capabilities. This is done by simulating a wide range of attack tactics and making recommendations to improve the protection of key assets.
The goal of Adversary Testing is to demonstrate the impact of a single vulnerable host: how a compromise of that host can propagate throughout the network and be used to obtain a privileged level of access within the enterprise network, typically "domain administrator". Testing includes vulnerability exploitation, discovery of usernames and passwords, lateral movement between connected and trusted systems within the test scope, and demonstrating evasion from compromised hosts. The aim is to illustrate that "a chain is only as strong as its weakest link" and to uncover security weaknesses that a per-host vulnerability assessment or penetration test does not reveal.
Scenario-based testing is a specialized form of offensive security assessment. Unlike traditional penetration testing, which focuses on detecting vulnerabilities, scenario-based testing is used to compare the performance of cybersecurity controls against specific attacker tactics and behaviors.
Check the effectiveness of your security operations team.
Scenario-based testing is commonly used to assess your organization's ability to prevent, detect, and respond to threats. Unlike a Red Team Operation, which involves recreating a full-scale cyberattack, a scenario-based test is a more targeted type of assessment that often focuses on a specific attack tactic. Regular scenario-based testing creates a culture of continuous improvement and ensures that your security team is better prepared to address current and emerging threats.
Scenarios and tactics that our consultants can replicate include the following, grouped by tactic of the MITRE ATT&CK™ framework:
The MITRE ATT&CK™ framework
Initial Access: gaining a foothold in the target network using tactics such as spear phishing and supply-chain compromise.
Execution: executing code on a target system once access has been obtained. Includes the abuse of legitimate applications and system components such as Control Panel items and PowerShell.
Privilege Escalation: increasing permission levels to access additional parts of a compromised network through techniques such as hooking, process injection and access token manipulation.
Defence Evasion: avoiding detection through techniques such as disabling security defences, preventing endpoint inspection or bypassing application whitelisting.
Credential Access: seeking to gain access to or control of a system or domain by obtaining legitimate credentials, including through brute force and credential dumping.
Discovery: acquiring knowledge of target systems and networks. Includes account, application, browser and directory reconnaissance techniques.
Lateral Movement: traversing a network and gaining control of remote systems. Includes Pass the Ticket (PtT) and remote services techniques.
Collection: identifying and gathering sensitive information through audio, keystroke, screen and video capture.
Exfiltration: removing files and information from the target network, often using a combination of compression, encryption and abuse of legitimate protocols.
Command and Control: establishing communication with target systems through the abuse of existing, legitimate protocols.