Advanced Penetration Test

APT, also historically known as “red teaming” is the act of breaking into a firm’s computer network (with authorisation of course!) with the aim of assessing the effectiveness of all implemented defences. This means the methodology starts with an intense amount of research into the firm, mapping out external infrastructure, staff rosters, and publicly known information. Any sources that can provide information about the company without disrupting servers are utilised to their full potential here.

Know More

Services Included

A (very) simplified example of an APT attack is:

  • A tester spends a number of hours researching and mapping all information publicly available.
  • The tester then chooses multiple attack vectors and creates numerous bespoke payloads specific to each vector (e.g. malicious PDF bypassing any found security implementation).
  • The tester launches an attack, using multiple methods including targeted spear-phishing attacks.
  • Once access has been achieved (via a backdoor, exploit etc.) the tester will secure access by pivoting throughout internal network and securing tunnels outbound to the tester.
  • The tester will then endeavour to find and secure access to sensitive information within the network.
  • Finally, the tester will then repeat step three until all identified attack vectors have been exhausted.

APT is the closest simulation to a real attack as a testing company can provide. As security is paramount within any firm, opting for an APT test is advisable as any weak links within a chain can be identified and eliminated.


Highlight The Existence of Security Flaws

The most effective way to test the systems and highlight the existing weaknesses in system configurations and network infrastructure that could lead to data breaches, malicious infiltration, or worse.

Ensure System Availability

Any disruption to business continuity (a data breach, or Denial of Service attack) will have a negative impact on organization’s business operations. Thus, APT helps ensure that the business does not suffer from unanticipated downtime or inaccessibility issues.

Evaluate Security Policies and Procedures

Evaluating the organization’s security policies and procedures is an effective way to overcome the security threats in this connected world where there is still no universal standard to carry out penetration testing. It depends on the creativity of the tester and the characteristics of the system being examined.

© 2018 Rhymetec LLC - All Rights Reserved