We’ll start by working out where and how you could be attacked, and discussing the breaches you are most concerned about.
We’ll help you set a realistic, high-impact breach objective, and work across your attack surface to achieve it.
Using the same techniques as criminal hackers and advanced persistent threats, we attempt to breach our clients’ organisations.
We realistically simulate data breaches, theft of information, fraud, defacement, long-term persistence and data exfiltration.
Afterwards, we’ll tell you how we did it, and we’ll keep working with you over the long term.
And we’ll keep your work grounded, focussed and effective by giving our perspective as attackers.
Our team carry out technical attacks from the simple to the sophisticated. Using a variety of techniques, we find and exploit vulnerabilities that allow us to breach systems.
We use social engineering tactics, ranging from simple mass phishing attempts to carefully tailored spear phishing against high-privileged staff and very attacked persons.
We find and make use of information about your organisation and its services by monitoring and curating confidential data from a variety of open intelligence sources.
We can support our other work by carrying out attacks on physical locations, such as accessing private premises or gaining access to wired or wireless networks.
After the adversary simulation, we’ll visit you regularly and work together to make your organisation more secure and your teams more capable.
We'll help you to use the findings of the simulation effectively and with maximum impact, working closely with your teams to develop your security culture and capability.
One of our hacking team will sit with one of your technical staff to work through the findings in a report in detail. We’ll explain the vulnerabilities we found, review code, help you fix issues and discuss opportunities for further improvement.
One of our friendly hackers will pair with one of your team to review a codebase or component in detail. We’ll go through the code or configuration line by line, looking for problems and hardening opportunities, making improvements as we go.
One of our team will visit you and carry out reconnaissance and vulnerability analysis. They’ll do work similar to an adversary simulation, but instead of a report they’ll create tasks in your backlog and discuss the issues with your team there and then.
We’ll come to visit your team and provide feedback or advice on your work from our perspective as attackers. Usually, this consists of a day of meetings! We’ll agree an agenda to ensure we can prepare and send the right member of our team.