IMQ Intuity, thanks to particular techniques such as Open Source INTelligence (OSINT), performs in-depth research on the company and its employees to understand the target, to prepare an attack and to determine whether the company exposes information that presents a business risk (vulnerabilities, documents, critical information, etc.). In this phase we gather information from public domain sources (blogs, social networks, search engines, the deep web, etc.) without any kind of intrusive action against the customer.
The Red Team tries to penetrate corporate security by exploiting vulnerabilities in the IT infrastructure or, as is increasingly the case, in web-based applications. The Red Team seeks to bypass the security controls in place, whether they are technological (firewall, IPS, WAF, etc.) or a managed security operations center (SOC).
Looking at a company through the eyes of a hacker also means trying to exploit the human factor, which is why Red Team service includes social engineering activities such as phishing, impersonation, and baiting campaigns.
Unauthorized access to the premises can expose the company to significant risks. The Red Team service uses various techniques including Social Engineering techniques such as impersonation to test the effectiveness of the company’s physical security.
The results obtained from the Red Team service provide objective data that can be used to assess the adequacy of IT business processes, highlighting critical issues that have an impact on security.
The objective of a Whiteboard Attack is to assess the client’s ability to react in a series of simulated scenarios that represent real situations. This activity is carried out through a role-playing game in which attackers (IMQ Intuity specialists) and defenders (client) sit around a table and challenge each other using their own tools and strategies to achieve their respective goals.