The security field is always more complex and preventing from a breach to occur is undoubtedly hard.
The classical approaches reached their limit and now the security professionals have to deal with new challenges and related risks for their customers as well as their own infrastructure.
For these reasons and in order to bring value in each project to enhance your security, the POST CyberForce Offensive Security team proposes the following approaches:
- Advanced phishing campaign: Awareness is cool but what if you have to deal with a well-prepared campaign? Are you ready for that? In order to challenge incident response capabilities, processes in place, IT risks and more, we propose realistic approaches such as credential theft or using more sophisticated approaches, customized payload delivery.
- Adversary Simulation: Challenge your risk exposure through a realistic scenario using a predefined attack vector.
- Adversary Emulation: Emulate well-known TTP from the most recent campaigns to validate your exposure and mitigate the risk.
- Red Team exercice: Emulate a “real-world” threat based on pre-defined objectives (I.T, business…) with the goals of training and measuring the effectiveness of people, processes and technology used to defend your business
- Purple Team exercise: By sharing intelligence data across the red and blue teams during the purple teaming process, organizations can better understand threat actors’ Tactics, Techniques and Procedures (TTPs).
- Application Vulnerability Exposure & Hardening: Using a “n-day angle” approach, challenge commercial or closed solutions, patches to apply on restricted or sensitive environment through fuzzing, diffing and reverse engineering techniques to challenge security before go-live.
- Pentesting services: In addition to your classical vulnerability assessments, architecture/code reviews, application security processes, end-users’ awareness… the POST offensive security team offers Penetration Testing to identify exploitable weaknesses and the associated impact of their exploitation to anticipate the risk using the offensive approach. We propose a complete portfolio to cover each layer of security from classical Web applications, internal penetration testing, mobile environment to physical intrusion and social engineering.