Social engineering is an attack that relies on human interaction: employees of the target company are persuaded to take an action such as opening a malicious document or providing authentication credentials.
While the social engineering delivery method is usually assumed to be email, many other channels such as SMS messages, calls, or social media may be used in the assessment. During the test, spearphishing attacks are preferred, where a user’s personal information and position in the company are used to enhance a pretexting scenario, improving the success rate.
Social engineering attacks are usually carried out as part of an adversary simulation assessment.
Social engineering assessments vary considerably from customer to customer, but we use a repeatable and reliable structure for our tests. The step-by-step approach ensures consistency in key areas while remaining flexible enough to account for different attack environments and scenarios.
During the initial stage of the social engineering assessment, a list of potential targets is created, detailing phone numbers, names, emails, positions in the company, and any other available information. A list of applications and services suitable for cloning in phishing attacks is also compiled. The company's infrastructure is researched to learn which phishing countermeasures and antivirus products are in use, and to identify potential vulnerabilities in the infrastructure that require social engineering to exploit.
Using the knowledge gained in the previous stage, attack scenarios are developed. Preparing an attack scenario requires creating unique email templates, malicious payloads, phishing websites, and call scripts. The attack infrastructure is set up to support the required listeners, file transfer services, email servers, and a phishing backend. Each scenario is then thoroughly tested on a virtual infrastructure emulating the customer's security setup. For onsite assessments, payloads and exploitation devices are created and tested.
Using the target lists and the prepared attack scenarios, the attacks are carried out with the appropriate emails and voice calls. For onsite assessments, a series of tests is started, including 'baiting' with infected USB drives, setting up onsite wireless Evil Twin attacks, delivering Keystroke Injection attacks via prepared devices, and more.
If the social engineering test is carried out as part of an adversary simulation, the initial access gained is used to obtain persistent access to the network and carry out further attacks.
After the social engineering test is complete, we create a report containing both an executive summary and assessment-specific details. We also provide remediation steps and training recommendations for every vulnerability we exploited.
Once the report is reviewed, a debrief meeting is scheduled to answer any questions and elaborate on the details in the social engineering report.