Advanced Peristent Threads
Red Team Exercises
Red Team Exercises are one of the platinum services offered by Avanguard. Those exercises are aimed at simulating a real targeted cyber attack by deploying its whole lifecycle, from reconnaissance to exfiltration of data. The objective of Red Team exercises is to attempt to compromise a company's Information systems, by any means possible, using any attack vector. Those exercises will help companies to have a holistic view of they cyber security resilience, as it assesses the prevention, detection and response security measures in place. Those tests will involve all types of intrusion testing activities, such as Social Engineering, tailor-made malware attacks, Web Application penetration testing, etc...
Human Targets
Social Engineering
Human are the weakest link. Most of modern cyber attacks, in particular Advanced Peristent Threats, imply targetting humans in order to compromise information systems. Human can become the shortest path to a compromise as their end points are located in the internal network of the Company. Methodologies such as embedding malware in e-mails, spear-phishing attacks can pass through a number of defense-in-depth mechanisms as targeting end user end-points directly.
Open-Source Reconnaissance / Intelligence
Open-Source Intelligence aims at discovering different sets of information concerning a target using pulic available information, such as information on the Internet. This activity is crucial in the process of cyber attacks in order for the attackers to identify weakest links of an organisation which could lead to its compromise.
Applications, Infrastructure, Network and Cloud Targets
Web Application Pentesting
Numerous security vulnerabilities can bring Web Applications at risk of compromise. Web Applications can often become the the initial infection vector and the entrance door to cyber criminals. Web Applications Intrusion testing is aimed at identifying vulnerabilities affecting the Applicative layer.
Infrastructure Pentesting
Infrastructure Pentesting are aimed at identifying vulnerabilities affecting the system layer of information systems.
Network Pentesting
Network Pentesting are aimed at identifying vulnerabilities affecting the network layer of information systems.
Mobile Targets
Mobile Application Pentesting
Mobile applications, on top of standard Web Application vulnerabilities, come with new attack vectors from cyber criminal, mostly because of the fact that the client side resides on the mobile phone, which can easily be accessed by a cyber criminal (loss, thefth)
Tailor-Made Mobile Malware Pentesting (M-APT)
Tailor-Made mobile malware pentesting is one of the platinum services offered by Avanguard. It involves the usage of home-made malware which will not be detected by security protections on the mobile phone, such as it would be the case in high-profile targeted attacks. Such tests will assess the effectiveness of layered defense, bu tyring to breach different layers of security mechanisms.