Cyber Attack Simulation
Ethical Hacking
Gathering intelligence about the organisation, detection of sensitive positions and mapping of external access infrastructure. The gathering can also include active social engineering and in-depth data gathering.
Determination of the attack vector that includes the mail systems; vaults; VPN; web applications; or even users who have the ability to switch between home networks and the organisation’s network. This phase also focuses on technical testing of the vector; sandbox evasion, etc.
Intelligence Gathering
Gathering intelligence about the organisation, detection of sensitive positions and mapping of external access infrastructure. The gathering can also include active social engineering and in-depth data gathering.
Determination of the attack vector that includes the mail systems; vaults; VPN; web applications; or even users who have the ability to switch between home networks and the organisation’s network. This phase also focuses on technical testing of the vector; sandbox evasion, etc.
Defence Perimeter Bypass
Several attacks will be carried out in order to get access to the corporate network, using data obtained in the initial phase of the attack vector. The goal is to reach a position within the organisation that allows us active connection via our command and control server. All of the scenarios gathered in the first stage are valid to attack and will be tested.A privilege escalation process will be conducted in order to gain access to sensitive information and to create a reusable access point.
Internal Network Takeover
“Client takeover” – Cyber360 will be focused on two major issues: gaining access to the domain controller servers and elevating ourselves to domain-admin; gaining and extracting of sensitive information. All actions will be done with the client and under the client’s approval and monitoring.
DDOS Simulation
Distributed Denial of Service or DDoS is an attack that denies service for a prolonged period of time and can result in a significant loss of revenue and damage to reputation. As botnets are a commodity that can be rented hourly by criminals for DDoS purposes to inflict damage on websites and equipment, such forms of attack are proving to be of significant concern.
While some organisations are investing in counter-measures, most still have no real insight into the potential impact of one of the most straightforward attacks that criminals use against websites and systems – the DDoS.
Cyber360 team can help organisations by simulating a DDoS attack to assess how the organisation’s systems respond to such an attack, and then provide solutions to mitigate such a risk in the future.
Cyber360 developed a global cloud-based environment in order to provide a unique service, in which multiple cloud-computing platform providers are joined together to launch several kinds of DDoS attacks – from the basic network flood, to the more advanced cryptographically challenging SSL connection flood and even application level attacks that requires higher computing capacity.
Such attacks are fully controlled and coordinated in an out-of-band mechanism, thus allowing us to fine-tune the level of attacks, initiate, pause or completely stop them at will and within seconds.
This kind of real-world simulation enables organisations to find the real bottlenecks in their infrastructure and internal procedures, and through a more informed decision making process to invest in the right places that will provide the best value for money when preparing for such threats.
