
Our Threat Intel-Based Red Teaming Methodology

At CloudMatos, our Red Teaming and Intelligence-led Penetration Testing are delivered by following the five stages below, closely modelled on frameworks such as Intelligence-led Cyber Attack Simulation Testing (iCAST) and CBEST Intelligence-Led Testing:

1. Preparation
2. Threat Intelligence & Attack Planning
3. Attack Execution
4. Result Analysis & Reporting
5. Lessons-Learned Workshop
Preparation Phase: Defining the Blueprint for Red Teaming

Red teaming begins with a careful examination of its rationale. Before any operational activity, the customer's current requirements and the intended scope of actions are assessed in full. This phase establishes the essential parameters, including but not limited to duration, legal boundaries, and any restricted actions. These considerations are formalized in a detailed "rules of engagement" document, laying the foundation for a well-informed and structured red teaming initiative.

Threat Intelligence & Attack Planning Phase: Strategic Testing Unveiled

With the agreed-upon scope in place, the testing journey unfolds in the attack preparation phase, ushering in the pivotal role of Threat Intelligence. Crucial to the success of testing activities, this phase introduces threat-intelligence-based scenarios crafted to mirror the tactics of real-life cyber adversaries. These scenarios serve as the tangible output of a comprehensive analysis of both the generic threat landscape and targeted threat intelligence.

Employing the generated Threat Intelligence, our approach involves the creation of multiple attack scenarios. These scenarios strategically unfold to determine the most probable steps that real-world cyber attackers would employ in compromising the target customer and critical functions. This meticulous process aligns seamlessly with the MITRE ATT&CK framework, ensuring a comprehensive and strategic testing approach.

Attack Execution Strategy

CloudMatos employs a streamlined execution concept comprising three pivotal phases to successfully conclude an engagement.

1. Get In
2. Stay In
3. Act

Infiltration (Get In):

In the initial phase, our red team focuses on securing access to their targets, necessitating the acquisition of network access. This critical step forms the foundation for subsequent actions.

Persistence Establishment (Stay In):

Following successful infiltration, our red team shifts focus to establishing persistence within the network. This phase is designed to ensure the team's access survives for the full engagement duration, allowing for a comprehensive assessment.

Operational Impact (Act):

The final phase involves the execution of actions, also referred to as operational impacts, collaboratively determined with the customer during the preparation phase. These actions are meticulously crafted to reveal vulnerabilities and demonstrate weaknesses in the system. This hands-on approach ensures a thorough and effective engagement, aligning with the predefined objectives and expectations.

Enhanced Phase Descriptions: Elevating Cybersecurity Practices

Reconnaissance: Unveiling the Digital Landscape

- Dual approach: passive and active reconnaissance
- Strategic information gathering about the target organization, employees, and underlying components (e.g., operating systems, running services, software versions)

Exploitation: Penetrating Information Fortresses

- Breaching defenses and compromising identified information assets
- Utilizing diverse methods, including social engineering techniques via email, phone, fax, or SMS

Post-Exploitation: Sustaining Presence for Strategic Maneuvers

- Deployment of a persistent backdoor for prolonged access
- Seamless navigation between systems and establishment of command channels for control

Action on Objectives: Tailoring Strategies to Customer Goals

- Versatile phase focused on fulfilling customer-defined objectives
- Examples include collecting user credentials, accessing sensitive records, acquiring domain control, and evaluating defenses against insider threats
- Tailored approach ensures strategic alignment with customer goals and cybersecurity priorities

Result Analysis & Reporting: Strategic Insights Unveiled

Our comprehensive report is meticulously crafted to provide a meaningful C-level summary of the executed Intelligence-led Penetration Testing and Red Teaming assessment. This summation encompasses an overview of security strengths, a thorough analysis of organizational capability, and practical recommendations for remediation and enhancements.

The detailed report delves into the scenario-based attack, offering a transparent account of how it unfolded. It meticulously lists the critical elements of the attack, supported by respective evidence, highlighting the vulnerabilities that facilitated the Red Team's progression to subsequent stages.

In addition, a thorough logbook is furnished, chronicling every action performed by the Red Team. This detailed record includes timestamps, source and destination IP addresses, utilized tools, commands executed, detailed descriptions, outputs, results, and more, providing the customer with a comprehensive and transparent overview of the engagement.

Lessons Learned Workshop: Enhancing Defensive Strategies

While Intelligence-led Penetration Testing and Red Teaming adopt an offensive focus, their ultimate purpose lies in fortifying security measures and empowering the Blue Team. A comprehensive workshop is orchestrated, bringing together representatives from all relevant parties to delve into the red teaming engagement and its findings.

The primary objective of the workshop is to meticulously review all actions executed by the red team. Specifically, for actions that eluded detection by the Blue Team, the aim is to dissect why detection mechanisms and procedures faltered. This analysis serves as a foundation for extracting valuable lessons learned and devising improvement actions. The collaborative nature of the workshop ensures a holistic understanding and facilitates the implementation of proactive measures to bolster the organization's overall security posture.
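The logbook fields listed above and the workshop's review of undetected actions can be tied together in code. The following is an added example, not CloudMatos's tooling: it cross-references constructed logbook entries with constructed Blue Team alerts and reports which actions (and which ATT&CK techniques) produced no timely alert; all field names, the 15-minute window and the sample data are assumptions.

```python
from datetime import datetime, timedelta

# Constructed red team logbook entries (field names are assumptions, not
# CloudMatos's schema); each row carries the fields the logbook lists above.
LOGBOOK = [
    {"ts": "2024-03-04T09:12:00", "src": "10.0.5.21", "dst": "10.0.1.10",
     "tool": "nmap", "command": "nmap -p- 10.0.1.10",
     "technique": "T1046", "result": "22/tcp and 443/tcp open"},
    {"ts": "2024-03-04T09:40:00", "src": "10.0.5.21", "dst": "10.0.1.10",
     "tool": "ssh", "command": "ssh svc@10.0.1.10",
     "technique": "T1078", "result": "interactive login with valid account"},
    {"ts": "2024-03-04T10:05:00", "src": "10.0.1.10", "dst": "10.0.1.10",
     "tool": "crontab", "command": "crontab new.cron",
     "technique": "T1053.003", "result": "cron job installed"},
]

# Constructed Blue Team alerts as exported from a SIEM (field names assumed).
ALERTS = [
    {"ts": "2024-03-04T09:13:30", "src": "10.0.5.21", "dst": "10.0.1.10",
     "rule": "Port scan from internal host"},
    {"ts": "2024-03-04T11:30:00", "src": "10.0.1.10", "dst": "10.0.1.10",
     "rule": "Cron file modified"},
]
WINDOW = timedelta(minutes=15)  # an alert this long after the action still counts

def match_alert(entry, alerts, window=WINDOW):
    """Return the first alert with the same src/dst pair raised within
    `window` after the logged action, or None if the Blue Team saw nothing."""
    start = datetime.fromisoformat(entry["ts"])
    for alert in alerts:
        delta = datetime.fromisoformat(alert["ts"]) - start
        same_path = (alert["src"], alert["dst"]) == (entry["src"], entry["dst"])
        if same_path and timedelta(0) <= delta <= window:
            return alert
    return None

def undetected(logbook, alerts, window=WINDOW):
    """Logbook entries with no timely alert: the workshop's review items."""
    return [e for e in logbook if match_alert(e, alerts, window) is None]

def undetected_techniques(logbook, alerts, window=WINDOW):
    """ATT&CK technique ids the Blue Team missed, for the improvement plan."""
    return sorted({e["technique"] for e in undetected(logbook, alerts, window)})

def detection_rate(logbook, alerts, window=WINDOW):
    """Fraction of logged actions that produced a timely alert."""
    missed = len(undetected(logbook, alerts, window))
    return (len(logbook) - missed) / len(logbook) if logbook else 0.0

if __name__ == "__main__":
    print(undetected_techniques(LOGBOOK, ALERTS), detection_rate(LOGBOOK, ALERTS))
```

With the sample data the cron alert arrives 85 minutes after the action, so it counts as missed under the 15-minute window but as detected under a wider one; tuning that window is itself a workshop discussion point.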


Our Recent Intelligence-led Penetration Testing and Red Teaming Engagements

Healthcare Case Study: Elevating Patient Data Protection

In the healthcare sector, our Intelligence-led Penetration Testing and Red Teaming initiative proved instrumental in fortifying patient data protection. By simulating real-world cyber threats, we uncovered vulnerabilities within the organization's network infrastructure, ensuring a thorough evaluation of their defense mechanisms. Through a collaborative workshop with healthcare stakeholders, we identified and addressed weaknesses in detection mechanisms and procedures. This proactive approach not only bolstered the organization's security posture but also enhanced their ability to safeguard sensitive patient information.

Finance Case Study: Strengthening Financial Transactions Security

For a financial institution, our red teaming engagement focused on bolstering the security of financial transactions. By meticulously testing the organization's defenses, we simulated potential attack scenarios, exposing vulnerabilities in their systems. The subsequent workshop provided a platform for in-depth discussions with financial representatives, dissecting actions that evaded detection by the Blue Team. Extracting valuable insights from the lessons learned, the institution implemented targeted improvements to fortify their financial infrastructure and ensure a resilient defense against sophisticated cyber threats.

Technology Case Study: Fortifying Cloud Security

In the technology industry, our red teaming engagement focused on fortifying cloud security for a prominent tech company. By executing scenario-based attacks, we uncovered vulnerabilities within their cloud infrastructure, ensuring a robust assessment of their security posture. The subsequent workshop facilitated discussions with technology experts, delving into actions that bypassed detection mechanisms. Extracting valuable insights, the company implemented targeted enhancements, strengthening their cloud security and ensuring a proactive defense against sophisticated cyber adversaries.

Our Security & Red Teaming Certifications

Our team holds the most recognised certifications in the cybersecurity industry such as: CREST CRT, SANS/GIAC GXPN, GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!

