Offensive Services
What is Red Teaming?
Our skilled offensive specialists engage in safe and controlled testing of your security systems, identifying and exploiting potential weaknesses.
Red Teaming distinguishes itself from traditional penetration tests by employing advanced, non-standard tools and techniques on top of traditional tooling.
Technical flaws are secondary to understanding how a threat was able to impact your organization; this knowledge prevents real exploits.
For further deliverables, please see our service description
Why you need it
How it works
Real attack techniques
Red Teaming Methods
Phishing, simulated malware payloads, and social engineering are a few examples of Red Teaming exercises.
Thorough Exploration
What is Assume Breach?
As the name suggests, Assume Breach presumes our team has made it past your perimeter defenses.
An Assume Breach is designed to evaluate your current security posture for when your external perimeter has been breached.
The result can then be used to strengthen your infrastructure configuration or to tune your detection capabilities and assist you in creating a future roadmap that will have the greatest impact.
Why you need it
How it works
In addition to this, the company will receive a full overview of the actions performed by Banshie, which can be mapped to the MITRE ATT&CK framework.
These mappings can be used as part of the MITRE ATT&CK Service or internally to map out and document areas of improvement against future threats.
What is Attack Path Mapping?
Threat actors continuously seek to breach corporate IT systems. Effectively defending against the unknown and unseen is challenging. However, we have tools that help. Monitoring internal attack surfaces is an invaluable tool in ensuring you’re always ahead of the attackers.
Attack Path Mapping identifies weaknesses and “negative business events” that could disrupt or compromise the client’s business. The test involves anything from data theft or destruction and ransomware deployments to long-term persistent access to the estate, and is designed and executed in collaboration with the client.
By focusing on key objectives rather than technological auditing, we’re able to take a holistic view of your security, mapping out any and all threat vectors, and guiding you to plug them.
Why you need it
How it works
Attack Path Mapping focuses on objectives, disregarding the technology. By taking this approach, we’re able to identify as many attack paths as possible for any given objective, rather than being constrained or falling victim to tunnel vision as in a Red Team engagement. See the below graphic for a breakdown of example stages of our attack path mapping service.
Potential attack paths are designed based on input from the client, and are then technically validated in full visibility of the client’s detective function. Exploitation is performed in a coordinated fashion with the client, to ensure that validation efforts get maximum coverage, without risking disruptions to operations.
High-level strategic recommendations are provided based on this work, to resolve issues at their root rather than engaging in whack-a-mole patching and fixes.
Attack Path Objectives
Some examples of attack path objectives:
- Disrupt internal phone services.
- Access personally identifiable information.
- Demonstrate access to confidential emails (emails will not actually be accessed due to letter secrecy laws).
- Deploy (benign) ransomware.
- Modify content on a public website.
- Conduct SWIFT payments (for international banks).
- Bypass the Four Eyes Principle (for financial trading platforms).
- Tamper with Automated Teller Machines (for bank operators).
- Deploy crypto miners in the cloud.
What is Penetration Testing?
Our experienced offensive specialists conduct secure and controlled tests on your security systems, pinpointing and exploiting potential vulnerabilities.
Penetration testing encompasses a broad spectrum of offensive services that aren’t covered by our other offerings. We collaborate with clients to tailor a customized scope of work, precisely aligning our offensive services with your unique requirements.
See our “How It Works” section for examples.
Why you need it
Test your organization's preventative and detective capabilities, and resilience against modern advanced attackers targeting a multitude of assets.
A focus is put on identifying vulnerabilities and weaknesses, preventing exploitation and training your Blue Team (defence) against future hacks.
How it works
Penetration testing is a catch-all term for offensive services. It can involve any part of Red Teaming, Assume Breach, Attack Path Mapping, and Cloud Security Assessments, as well as many other offensive services.
Our penetration testing is fully customisable; we can tailor the approach to completely fit your needs.
Examples of Penetration Testing
These are areas of penetration testing that don’t fall under our other services but that we are able to deliver and experienced in delivering.
What is Penetration Testing?
The cloud environment is constantly changing, making it difficult to rapidly detect and respond to threats.
Cloud security assessments help identify and assess risks associated with the cloud environment, allowing organisations to prioritise and address the most critical vulnerabilities.
You get a clear understanding of the risks and vulnerabilities you face with the services exposed to the Internet, and the possible implications of an account being compromised.
Why you need it
How it works
Banshie will test both as an unauthenticated (anonymous) user, meaning anyone from the Internet who can interact with the cloud services, and as a logged-in user.
Based on the risk appetite and the number of users/privileges available, a more in-depth analysis can be performed. At the basic level, an assessment uses a read-only account, which allows us to check for insecure configurations and report potential attack paths.
An in-depth analysis uses a more granular approach where multiple user accounts with different roles are provided for the testing. These roles replicate the same permissions that users of the company have (e.g. developer, accountant, HR, etc.).
This makes it possible to evaluate the permissions and controls in place, and what the risks associated with any of these accounts being compromised are.
Banshie always uses techniques and tools used by real attackers, to demonstrate exploitable vulnerabilities and effective defenses present in the current estate. This will give an overview of which areas need to improve, and validate those that are sufficient.
Other Services
Modern and decisively focused, our services are powered by an elite team of cyber security experts.
Reach Out
Our mission is to help companies prevent, detect and respond to breaches, and help secure their data. We offer honest, straightforward advice, and guide you to a more secure company.