What is tested
- Threat response, detection, and investigation processes
- Social engineering training processes and prevention capabilities
- Internal monitoring and detection capabilities
- Potential compromise paths
- Endpoint protection systems, policies, and configurations
- Wireless configurations and employee training on dealing with wireless attacks
Our offer
- A comprehensive framework for customer-tailored red team engagements
- A lot of time spent on internal research
- An established private tooling development process
- Additional attention paid to social engineering, OSINT, or on-site activities that are usually left out-of-scope for compliance penetration tests
- A demonstrated ability to simulate a known APT group
How we do it
Attack surface mapping
When conducting a black-box adversary simulation, the offensive operations team creates and updates a map of external assets and information related to the scope of work. They use open-source intelligence (OSINT) and active reconnaissance techniques alongside traditional penetration testing methods. The collected information includes publicly available data about the targets, external infrastructure details, and security applications in use. This comprehensive set of target objects with enriched information is continuously maintained.
Phishing
Tenendo offers two distinct methods of conducting social engineering assessments. When performed as a part of an objective-based red team engagement, phishing is used as one of the initial access methods, and thus the penetration testing team is focused on discovering a single method that would work against the target infrastructure.
When conducted separately, Tenendo prefers to dechain the phishing assessment to provide more coverage of different techniques and more transparency in remediation recommendations. The steps taken during the assessment are listed below:
- Initial access method research and development. Tenendo continuously updates private techniques and tooling, but additional research is often required to tailor the payloads and scenarios to a specific target. When conducted separately, Tenendo can test a wide variety of up-to-date methods on a corporate workstation to test detection for a number of different threats.
- Scenario development. Tenendo phishing scenarios are always custom, but can be tailored to prevalent threats in the target field.
- Mail/messaging filter evasion. When conducted as a part of a compromise chain, Tenendo sets up a lab resembling the target mail/messaging infrastructure to ensure delivery of phishing pretexts and payloads.
- Infrastructure setup. Tenendo sets up a separate infrastructure for each campaign, tailored to the specific payloads and pretexts.
- Phishing delivery. If phishing is a part of a red team engagement, scenarios are executed to gain access for further post-exploitation and lateral movement. When conducted separately, Tenendo collects comprehensive statistics on the success rate of different scenarios.
The test aims to find a way into the network, starting from external networks or gaining initial access as an employee. The goal can range from accessing target hosts and services to stealing sensitive data.
Red Teaming ENGAGEMENT
The white paper document explores the methodology, testing process, planning, preparation, and expected deliverables.
TENENDO IN-HOUSE DEVELOPMENT
PRIVATE TACTICS, TECHNIQUES, AND PROCEDURES (TTPS)
Tenendo constantly upgrades its internal toolkit to stay on top of the latest tactics, techniques and procedures.
INTERNAL RESEARCH
Tenendo’s internal processes cover research for new initial access, lateral movement, escalation or persistence methods.
KNOWLEDGE BASE
The team supports a knowledge base for techniques used in previous engagements to ensure consistent success.
ON-DEMAND TTP DEVELOPMENT
Experience in offensive-specific development allows the offensive security team to emulate an arbitrary known attacker.
The Attack Lifecycle
Reconnaissance
The team conducts external reconnaissance of the target organisation and its public-facing infrastructure
Initial compromise
The offensive operations team conducts a variety of attacks ranging from social engineering to exploitation. The ultimate goal of the step is to obtain initial access to the organisation.
Persistence, escalation, and lateral movement
The team explores opportunities for expanding access and ensuring persistence.
Achieving the objective
The privileges and access obtained are leveraged to achieve the goal of the test, like exfiltration or critical infrastructure access.
Debriefing and purple teaming
After the report is written, the team conducts the debriefing and provides recommendations. If any allocated time is left, the team works with the blue team to develop new detections and mitigation strategies.
Experience and accreditations
With more than 20 years of total experience in cybersecurity and testing, our experts hold the following certifications:
Compliance and information security:
- Certified Information Systems Auditor (CISA)
- Cisco Certified Network Associate (CCNA)
- ISO 27001 Lead Implementor
- AWS Cloud Practitioner
- Certified Cloud Security Professional (CCSP)
Test consultancy:
- ISTQB Advanced Level Test Manager (CTAL-TM)
- ISTQB Advanced Level Technical Test Analyst (CTAL-TTA)
Cyber security:
- Offensive Security Certified Professional (OSCP)
- Offensive Security macOS Researcher (OSMR)
- Offensive Security Certified Expert3 (OSCE3):
- Offensive Security Experienced Penetration Tester (OSEP)
- Offensive Security Web Expert (OSWE)
- Offensive Security Exploit Developer (OSED)
- eMAPT. Mobile Application Penetration Tester
- Certified Red Team Operator (CRTO)
- Certified Red Team Expert (CRTE)
- Hack the Box Red Team Operator: Level 1/Level 2/Level 3
- Hack the Box Pro Lab BlackSky: Hailstorm
- Cyberwarfare Labs: Certified Red Team Specialist
