IMQ INTUITY RED TEAM

We give you a glimpse of the future
so you can appreciate what might go wrong.

IMQ Intuity’s RED TEAM service helps customers determine if their security strategy can effectively counter a cutting-edge cyber attack by looking at the customer’s security through the eyes of a hacker.

Adopting the techniques and mental processes of real attackers, IMQ Intuity’s Red Team service explores all aspects of the corporate security setup: network infrastructure, application security, human behavior, physical security, and business processes.

The final objective of the service is to measure, through simulated cyber attacks, the true effectiveness of the company’s defenses and to understand the impact that threats could have on the business.

ATTACK METHODOLOGIES

OSINT

Using techniques such as Open Source INTelligence (OSINT), IMQ Intuity performs in-depth research on the company and its employees to understand the target, to prepare an attack and to determine whether the company exposes information that presents a business risk (vulnerabilities, documents, critical information, etc.). In this phase we gather information from public domain sources (blogs, social networks, search engines, the deep web, etc.) without any kind of intrusive action against the customer.

INFRASTRUCTURE ATTACK
The Red Team tries to penetrate corporate security by exploiting vulnerabilities in the IT infrastructure or, as is increasingly the case, in web-based applications. The Red Team seeks to bypass the security controls in place, whether they are technological (firewall, IPS, WAF, etc.) or a managed security operations center (SOC).

HUMAN ATTACK
Looking at a company through the eyes of a hacker also means trying to exploit the human factor, which is why the Red Team service includes social engineering activities such as phishing, impersonation, and baiting campaigns.

PHYSICAL ACCESS
Unauthorized access to the premises can expose the company to significant risks. The Red Team service uses various techniques, including social engineering techniques such as impersonation, to test the effectiveness of the company’s physical security.

PROCESS EVALUATION
The results obtained from the Red Team service provide objective data that can be used to assess the adequacy of IT business processes, highlighting critical issues that have an impact on security.

WHITEBOARD ATTACK
The objective of a Whiteboard Attack is to assess the client’s ability to react in a series of simulated scenarios that represent real situations. This activity is carried out through a role-playing game in which attackers (IMQ Intuity specialists) and defenders (client) sit around a table and challenge each other using their own tools and strategies to achieve their respective goals.

SERVICES FOR YOUR BUSINESS

  • DETECTION

    Verify your ability to detect a potential attack from your security infrastructure or a SOC service.

  • REACTION

    Measure reactions to intrusion attempts and other security incidents.

  • AWARENESS

    Obtain a broader and more detailed understanding of your organization’s security level.

  • IMPROVEMENT

    Improve your security with a corrective plan based on objective evidence.

  • COMPLIANCE

    Comply with requirements in almost all computer security regulations and standards (e.g. GDPR, ISO27001, etc.).

  • ADVANTAGE

    Achieve high safety standards that you can propose as added value.

  • GUARANTEE

    Guarantee your customers that products and services are protected in terms of information security.

  • EFFICACY

    Choose your security investments carefully and in a targeted manner.

TECHNICAL ASPECTS

The Red Team service performs a black-box attack that does not include any initial sharing of information related to the target or any kind of authorization or access to information. This allows IMQ Intuity to see the target as an external attacker would see it.

The kill chain attack structure of the Red Team service consists of four macro-phases:

  1. Information Gathering: collection of target information, including through OSINT techniques
  2. Weaponization: preparation of the attack, e.g. preparation of the payload, phishing campaign, etc.
  3. Exploitation: execution phase of the attack
  4. Actions on Target: the actions performed following the successful penetration (e.g. lateral movement, data exfiltration, malware installation, etc.)

EXTERNAL OR INTERNAL?
Typically, the service simulates the behavior of a hacker, so the point of view is principally external. However, we also anticipate actions from within the company by an employee, a consultant, or a visitor that bring risks both intentionally and unintentionally.

DURATION
The benefit of this service is its continuity. While we recommend at least 3 months, you can define custom timing based on your needs, or choose the “Hack in a Day” service for a quick win.

WHAT ARE THE TARGETS OF THE ATTACK?
The targets are the infrastructure, applications (particularly web-based), Wi-Fi, users via social engineering activities, and physical access to restricted areas or buildings.

DOES THE RED TEAM SERVICE NECESSARILY INCLUDE ALL THE ASPECTS MENTIONED IN THE OPERATIONAL ACTIVITIES?
The Red Team service brings its maximum value when all security aspects of the company are tested. It is possible however to focus on a single area, for example the infrastructure, or design the service to meet other specific customer needs.

The main difference between a penetration test and the Red Team lies in the final objectives: while the former aims to find as many vulnerabilities as possible and exploit them to determine the level of risk, the latter aims to test the company’s detection and reaction capabilities.

In a penetration test, the perimeter, the target, and the timing are scoped and defined at the beginning of the activity. This is not the case however for the Red Team service, which simulates a real-life scenario where the attacker uses the means and schedule most convenient for him rather than the company.

A Red Team service emulates a real cyber attack that tries to avoid detection by the client’s technology and security services.

While a penetration test is focused only on the technical infrastructure, the Red Team’s more comprehensive service also exploits vulnerabilities arising from the human factor.

The service includes monthly meetings with the client to discuss the findings of the previous month, including technical and executive reports that indicate:

  • the vulnerabilities exploited to perform the task.
  • the typology of vulnerabilities exploited (infrastructural, human, cultural or process vulnerabilities).
  • the danger level of the vulnerabilities found.
  • the details of the actions taken during successful attacks.
  • a final conclusion based on the new data with suggestions for corrective action.

HACK IN A DAY

FIND OUT WHAT DAMAGE A HACKER COULD DO TO YOUR BUSINESS IN A SINGLE DAY

The HACK IN A DAY service carries out a simulated computer attack lasting one day, using core Red Team operating methods, in order to test the company’s defensive capabilities.

The service allows you to observe and document which corporate vulnerabilities a “hacker” could exploit in a single day of activity and what potential damage it could do to business, infrastructure, and employees.

The objective of the service is to provide customers with an assessment of the information security protection level to expose where intervention is needed so that it can be improved.

IF YOU KNEW A HACKER YOU COULD TRUST ABSOLUTELY, WOULDN’T YOU ASK HIM TO TEST THE SECURITY LEVEL OF YOUR COMPANY?

Are Red Team and Hack in a Day the same thing?
The Red Team’s value is its continuity over time, up to three months or more. Hack in a Day, on the other hand, uses the same approach as the Red Team, but has a duration of one day.

Why should I use Hack in a Day?

  1. Because the vulnerabilities that can be exploited in one day are probably the most attractive for an attacker.
  2. Because you want to test drive the Red Team service and learn more about IMQ Intuity.
  3. Because the budget is limited but you still want a solid security check.
  4. Because an SOC or new security technology has been activated and you want to test if it behaves as expected.

What activities are foreseen in the Hack in a Day service?
We will start with an OSINT (Open Source INTelligence) activity, focusing on external attacks on the infrastructure and exposed applications. We will also execute a phishing campaign to test the human factor.

What action should the client take?
None. The activity is completely black-box as it simulates a real attacker’s state of mind. The customer is not asked to provide any information to facilitate the activity, nor should they warn the SOC, who will have to react as if faced with a real attack.

How long does the activity last?
Even though the service is called Hack in a Day, the operational activities can be developed for a maximum of 3 working days with a final report delivered within 7 days.
