The purpose of the exercise is to replicate the Tactics, Techniques and Procedures (TTPs) used in known attacks to measure your organisation’s ability to withstand compromise.
Red Teaming as an attack mechanism and Blue Teaming as a defensive posture can be merged to create a Purple Team – coordinating dynamic testing and defensive exercises for additional capacity building.
The attack simulation service allows our team to use any means necessary to compromise your organisation; the attack does not need to be bound to a specific scope but rather to a specific end goal.
We assume the role of an advanced threat actor and try to compromise agreed-upon infrastructure and key systems inside a network using Tactics, Techniques and Procedures employed by advanced threat actors in their compromise campaigns. It tests the defences of a network against a persistent attacker.
We perform an external stealth network intrusion and reconnaissance against the targeted organisation alongside traditional external attacks. Phishing and other social engineering methods are then employed, targeting key individuals within the organisation.
This builds on the premise that, one way or another, you will be compromised, and it is not concerned with the root cause – for example, a user clicking a link, browsing a website or installing a program on their computer from a dubious source.
Purple teaming is a collaborative exercise between the client and us. It involves our Foregenix team performing a set of TTPs from our Red Teaming methodology in an environment that is fully controlled and monitored by a defensive team. The defensive team can be fully manned by the client or contain analysts from our Foregenix Threat Intelligence Group (TIP).
The goal of this service is to help identify gaps in monitoring controls and model adversarial activities in the client's internal defensive toolset. This enhances internal capabilities and heightens the internal security of an organisation.
The final deliverable of the Purple Teaming offering is the Playbook that was executed against the monitored infrastructure.
The list of tests to be executed is agreed upon between the client and us. This is based on customer needs but can also take into consideration the industry the client operates in and the threat actors targeting that industry.
We model the tests and the client’s environment in its internal toolset. Any additional tests that are part of the defined Playbook are developed in this stage.
The defined tests are executed in the monitored environment.
Gaps in monitoring are identified. We can aid in guiding corrective actions as well as providing specialised Threat Intel and Forensics Analysts who can work alongside the client’s team.