
Penetration Testing & Red Teaming



The risk landscape is constantly changing. New technologies and business requirements are being integrated. Attackers’ strategies are changing just as quickly. Accordingly, cyber security needs a thorough health check on a regular basis. Effective cyber security requires a deep understanding of the methods and tactics used by cyber criminals. With our expertise in penetration testing and red teaming, we’re able not only to identify vulnerabilities, but can also develop tools and procedures to detect them before potential attackers can exploit them.

Adversary Simulation Services

What’s the best way to test the security of your IT infrastructure, systems and organisation? With a hacker attack, what else! Our adversary simulation services involve a real attack carried out by our penetration testers. This shows whether the infrastructure is adequately protected against external and internal attacks and can withstand the accepted residual risks. The controlled execution of an attack reveals vulnerabilities in a particularly realistic way. The range of systems tested extends from network services and online shops to complex corporate networks and infrastructure users. We offer modular penetration tests to examine these key factors in detail. These range from passive information gathering and targeted external penetration tests from the Internet to identifying vulnerabilities that can only be detected on site. Our approach is based on the recognised OWASP, OSSTMM and ISO 27001 methods.
 
Red Teaming / Purple Teaming

Our Red Team has extensive experience in the simulation of various threat actors. These range from simple “script kiddie” attacks to highly complex vulnerability chaining for attacks at the “nation state” level. Close, continuous cooperation with the internal Blue Team and the implementation of impromptu crisis management exercises at InfoGuard’s Cyber Defence Centre have resulted in a unique wealth of experience for particularly complex and well-shielded environments. The attacks have already gone so far as to exploit vulnerabilities that are still unknown to the public (development of so-called zero-day exploits). This has made it possible to bypass state-of-the-art security appliances and achieve a breakthrough in high-security environments. Our individual team members have wide-ranging and deeply specialised expertise (e.g. from Blue Team/Red Team dual roles, forensic analyses, reverse engineering, cryptography or exploit development), producing a unique combination of offensive and defensive IT security.

Attack Simulation
Recent cyberattacks have revealed the sophisticated methods used by cybercriminals today. With our attack simulation, we verify the effectiveness of your security infrastructure against opportunistic attackers. The simulated attack is supplemented selectively and as required by highly targeted methods in order to achieve the defined attack objectives. The attack is carried out from the perspective of an external attacker. The starting point is often, but not necessarily, the Internet. Do you want to know how far a hacker can get in your network and how successful a targeted attack would be? We’ll show you how with a simulated attack on your company. 
Internal Attack Simulation (Assumed Breach Assessment)
Many companies want to test the effectiveness of their own security infrastructure by simulating an attack – i.e. assuming that an attacker is already in the internal network (known as an “assumed breach”). Our internal attack simulation is based on a fictitious security incident and focuses in particular on the Active Directory (AD), which is a central pillar of the infrastructure. The approach not only covers threats from internal actors, but also takes into account the risks posed by compromised user accounts or infected clients. Specific scenarios are selected, such as the use of a client VPN on a customer laptop or a connection via the Virtual Desktop Infrastructure (VDI), which meet the customer’s technological requirements. This simulation aims to provide an accurate picture of possible vulnerabilities and delivers concrete measures to optimise security.
TIBER EU
The threat of cyberattacks has become one of the most pertinent risks for the financial sector in recent years. To guard against attacks, it makes sense to comply with current cyber security standards and to check their effectiveness periodically using penetration tests. To enable these tests in a standardised form in Europe, the EU central banks have created TIBER-EU (Threat Intelligence-based Ethical Red Teaming), a uniform framework for threat-based penetration tests.
With our TIBER-EU red teaming penetration test, we check your live systems against the requirements of the directive. The motivation for a TIBER test is not to ensure the successful defence against an attack, but to identify vulnerabilities in your own defence mechanisms and measures. A TIBER test tells the company how attackers could operate successfully, enabling the company’s own cyber resilience to be improved accordingly.

Penetration Testing

As part of our penetration tests, our penetration testers specifically search for vulnerabilities that cannot be detected or exploited by automated tools. This also includes information gathering, during which publicly available information is collected to identify the customer’s systems that are reachable from the Internet. These reachable systems represent the exposed attack surface, which is essentially available to any anonymous attacker via the Internet. Depending on the services identified in this step, further specific tests are adapted and carried out.
 
Application (Web, API, Fat, Mobile App)
This penetration test involves a technical test of the web application (including the server on which the web application is operated) from the perspective of an experienced attacker – and the source code is also optionally analysed. The aim of the web application security audit is to identify vulnerabilities that could directly threaten the application or could lead to a security problem in the future (e.g. in combination with other vulnerabilities). The audit is structured on the basis of the OWASP Web Security Testing Guide (WSTG) and the OWASP Top 10 Web Application Security Risks and supplemented with specific tests from InfoGuard.
Internal | External Penetration Test
The internal/external penetration test checks which exposed systems can be identified by means of a detailed collection of information. Lucrative targets or weak systems (such as vulnerable web applications or outdated services) are thereby identified and can be analysed in further steps. This identifies strengths and vulnerabilities, assesses the risk situation and recommends specific measures to reduce or eliminate any vulnerabilities.
Infrastructure (Cloud, Container, Web-Proxy, E-Mail, WLAN, Server, Client)

This audit is a technical review of the infrastructure. It verifies whether technical or configuration vulnerabilities exist that would allow an attacker to gain initial access to the internal network, to control internal IT systems from the Internet (C2), or to steal data undetected. The test catalogue developed by InfoGuard is based on recognised security standards such as the Center for Internet Security (CIS) benchmarks and the Microsoft Security Baselines.

IoT | ICS | SCADA

We test your IoT/ICS and/or SCADA infrastructure. The strengths and vulnerabilities of the individual components are checked, the risk situation is assessed and specific measures are developed to reduce or eliminate any vulnerabilities. The audit ensures that the systems used are sufficiently secure to withstand a cyberattack.

Active Directory Assessment

The Active Directory is the central location for managing network resources, user objects and authorisations. Security gaps and potential vulnerabilities within the configuration can have a major impact on your cyber security and increase your susceptibility to cyberattacks. Our Active Directory Assessment is the perfect solution for identifying any security gaps and risks. The Active Directory settings in your company are fully checked for security issues and the results analysed by the designated specialists and then discussed with you in detail. You’ll receive specific optimisation suggestions and recommendations to ensure a secure AD configuration in your company.

Source Code Review | Protocol Analysis
Our source code review identifies errors that are difficult or impossible to find in black box or grey box tests. Our experienced pentesters are aware of the typical implementation and design errors and carry out a thorough code review. Checking the source code not only shows which instruction in which line of code is vulnerable, but also which variable caused the vulnerability. This gives the application developers a comprehensive picture of the individual vulnerabilities so that they can be eliminated in a targeted manner.

Research & Development

With our expertise in penetration testing and red teaming, we’re able not only to identify vulnerabilities, but can also develop tools and procedures to detect them before potential attackers can exploit them.

Do you have any questions about our Penetration Testing & Red Teaming Services?

Please fill out the form to get in touch with our experts. We are happy to advise you.


Cyber Defence & Incident Response

Detect and defend against cyberattacks and restore the ability to act

More than 80 highly qualified cyber security experts and analysts work at the InfoGuard Cyber Defence Center (CDC) in Switzerland. The CDC at our site in Baar is ISO 27001 certified and ISAE 3000 Type 2 audited. It has a multi-level physical security concept, and the security systems are monitored around the clock. The vital technical components are redundantly designed and guarantee the highest availability. At the same time, we meet the strict requirements of data protection law (Swiss DSG and EU DSGVO/GDPR) and the guidelines for the Swiss financial sector.

It is also ensured that data is stored exclusively at the customer’s premises or in our redundant data centres in Switzerland. InfoGuard is a BSI-qualified APT response service provider, a member of FIRST (Global Forum of Incident Response and Security Teams) and also acts as incident response partner and claims handler for leading insurers, brokers and claims adjusters, which underlines the high quality standard of the Cyber Defence and Response Services.


For all of our customers with an MDR service, we have successfully prevented business impact from cyberattacks.


Benefit from our many years of experience

24/7

Managed Detection & Response Services from our CDC in Switzerland

80+

Experts in dedicated SOC, CSIRT and Threat Intelligence teams

12+

Years of SOC experience and expertise

300+

Cyber Defence and CSIRT customers

4

Weeks for structured SOC onboarding

Hundreds

Incident response cases per year

BSI-qualified APT response service provider & FIRST member

Swiss SOC platform


Cyber Defence Platform

InfoGuard Cyber Defence Platform

The heart of a powerful and effective cyber defence

The in-house developed, highly scalable InfoGuard Cyber Defence Platform, operated on-premises in Switzerland, forms the core of our Cyber Defence Services and is based on an open XDR architecture.

To ensure that we see threats from every angle, the platform collects data from endpoints, networks, IoT/OT infrastructures, cloud environments and identities.

By using a range of detection methods, including machine learning, the platform can quickly uncover anomalies and suspicious behaviour and enrich them with findings from current security incidents, simulated cyberattacks and threat intelligence feeds to support our analyst teams. Thanks to the swarm intelligence of hundreds of customers, thousands of security events every day and hundreds of IR cases, the best possible protection and the fastest possible response are guaranteed.


The platform provides comprehensive transparency and works seamlessly with your existing technology stack. This minimises onboarding effort and eliminates vendor lock-in. It also ensures that sensitive customer data is protected at all times and stored exclusively in our data centre in Switzerland.