Mission-Oriented Threat Emulation
Advanced Persistent Testing™
InGuardians Offensive Services focus on testing an organization’s readiness to detect, deter, and withstand attacks. Our Offensive Services Team utilize offensive tactics, techniques, and procedures to gain access to an organization’s critical assets. The underlying philosophy behind all of InGuardians Offensive Services is to “model the threat”.
All of our Offensive Services begin with determining the threat profile of the client. In this process our entire team identifies the threats and actors that pose the most risk to your organization.
The services below are a subset of what InGuardians can do for your organization.
Red Team Penetration Test
The InGuardians Red Team Penetration Test combines decades of deep technical knowledge with bleeding edge tactics to uncover a business’ true risk. Acting as one unit, one operation, the InGuardians Offensive Services Team leads within the industry at emulating and conducting stealthy operations. InGuardians Offensive Services Team develops and conducts its operations using Tactics, Techniques, and Procedures (TTP’s) that mimic today’s sophisticated attackers.
What is Red Teaming or a Red Team Penetration Test?
Acting as one unit, one operation, the InGuardians Offensive Services Team leads within the industry at emulating and conducting stealthy operations. InGuardians Offensive Services Team develops and conducts its operations using Tactics, Techniques, and Procedures (TTP’s) that mimic today’s sophisticated attackers. Attackers compromise organizations, exfiltrate their data, all while going completely undetected. Employees grant the attackers a foothold, falling victim to phishing, drive-by-downloads, social engineering, or physical attacks. The attacker maintains persistent and stealthy access to the company’s internal network, but this is just the beginning. Attackers gain this access, then pivot to other systems mercilessly. Red Teaming is different from an internal penetration test. An internal penetration test is typically a focused vulnerability assessment coupled with exploitation. Red Teaming at InGuardians involves mission-oriented operations, team collaboration, and multi-vector chained attacks, custom-tailored to deliver a cutting-edge adversarial emulation assessment. InGuardians defines the mission during each Red Team Test as to emulate the specific threats facing the organization or its industry. Red Team missions are often unhindered in scope, applying to all attack vectors from physical, social engineering, network, and application exploitation. Red Team assessments can last for several weeks to months. Some organizations even utilize multi-year engagements to achieve stealth and goals. The InGuardians approach directly models the most lethal threats organizations face today by cyber-criminals, hacktivists and advanced persistent threats (APT).
Internal Penetration Test
External Penetration Test
In today’s connected world, the most common point of entry for attackers comes from outside your environment. Your network should be a digital stronghold for your data, complete with several layers of robust, preventative controls and detailed monitoring capabilities. InGuardians uses the same tactics, tools and processes seen in recent high-profile attacks to identify the vulnerabilities that are difficult or even impossible to detect with automated scanning tools.
Web Application Penetration Test
Web applications have proliferated every aspect of our computing lives including how we bank, communicate with friends and family, down to the management interfaces and APIs that integrate with home automation and the Internet of Things. InGuardians has performed countless application assessments uncovering vulnerabilities that could lead to the compromise of sensitive customer information, breach of infrastructure, and immeasurable brand damage. Our consultants guide businesses in how to remediate vulnerabilities in their applications and develop secure coding programs.
Wireless and RF
InGuardians RF experts have dozens of years of combined experience in hacking radio signals and systems. Today, your radio gear often includes much more than just your wifi networks. Internet of Things (IoT) brings point of sale systems, elevators, HVAC, surveillance systems, ZigBee and other SCADA systems into your network, increasing your attack surface. Contact us (wirelessly) if your team needs to identify the RF threat to your organization.
Mobile Application Penetration Testing
Mobile apps are being developed with a focus on speed, not security nor privacy. Our skilled mobile attack team has been at the forefront of mobile app security research discovering countless zero-day vulnerabilities in custom enterprise mobile apps and operating systems that would have resulted in backend infrastructure compromise, mobile device insecurities, and data compromise.
Hardware manufacturers should design their products as if their only users were state-sponsored attackers. Putting your hardware into the hands of millions of consumers puts the hardware into the hands of millions of potential hackers. InGuardians has lead the industry in defining best practices for testing and deploying network-connected devices. InGuardians’ team of hardware hackers brings over a decade of experience breaking into and securing Smart Grid systems and hacking Internet of Things devices. Contact us to test your hardware devices before you deploy them or integrate them into your solution.
Physical Penetration Testing
Determined attackers will stop at nothing to gain access to their targets’ networks. They may leverage physical insecurities, employee patterns, and social engineering to infiltrate corporate buildings and closed networks. InGuardians Offensive Services Team utilize the Tactics, Techniques, and Procedures (TTPs) of real attackers to demonstrate the impact a physical security breach has on information security assets.
Social Engineering and Phishing
InGuardians Social Engineering Assessments model various threats your organization faces through phishing, vishing, and in-person attacks. Our team develops thoroughly-researched and believable pretexts to test the ability of your employees to identify social engineering attacks, whether they come by email, phone calls, or face-to-face. Looking to test the effectiveness of your security awareness program or the likelihood of your employees allowing an attacker to run code their workstation, InGuardians Offensive Services Team will identify the most likely attack vectors and act on them to deliver the results you need to protect your most valuable resources.
Kubernetes and Container Security
Public Cloud Security
Red vs. Blue
InGuardians has developed a unique Red vs Blue team training program that can be customized to your organization. We start by assessing and bolstering the organization’s Incident Response capability. Then, using custom training modules we conduct live fire exercises testing your team’s ability to detect, deter, and respond.
Actively searching for malicious threats or actors on information systems.
InGuardians HuntTeam operators use both defensive and offensive teams to identify compromised systems, malicious code, and other indicators of compromise.
For over eighteen years, InGuardians trainers have set the standard for excellence in the information security industry. We have helped author and deliver some of the most popular courses at The SANS Institute, Black Hat, Cansec, Interop, RSA, IDA, Distributech, and on site for private customers. Contact us to get started on creating a customized training experience for your team.
Press and Speaking