Do you truly know where the vulnerabilities are within your network and how a targeted attack could gain access to your systems and information? You probably feel confident that you get a penetration test done annually, or possibly even twice a year. What about when an attacker makes a decision to focus on your company and use that scope as a much larger targeted attack, using a whole chain of scenarios to compromise your environment like happened at the Australian National University (ANU) or Sony.
Don’t leave it to chance. Challenge our team of professional hackers to simulate an attack against your organisation using all the tools at their disposal. See how an attacker could get access to your Domain Controllers within 3 days, all starting with a simple phishing email.
Do you really know how a targeted attack could compromise your network? Could a phishing email lead to a full compromise? Challenge us now with nothing but your company name.
Our offensive security team use all of the skills at their disposal. They have the ability to leverage all of their experience depending on the environment they are attacking which may include:
- Physical Social Engineering
- USB Drops, MiniPwner plants, OMG Cable compromises
- Web Application compromises to gain reverse shells
- Spear and Mass Phishing go gain credentials
- Wireless Network Compromises
- Compromising networks through security misconfigurations or missing patches
Our record from nothing to Domain Admin is 22 hours. Want to challenge us?
What is the Triskele Labs Methodology?
The most important step when conducting any Attack Simulation is to understand that target to gain as much prior knowledge as possible and allow for customisation. The mission during reconnaissance is to gain the knowledge to allow for silent and stealthy attacks, privilege escalation and data exfiltration further through the mission. While this is the first step in the attack, it is important to consider that it is carried out all the way through and the attack team are continually learning and developing more attacks.
The team leverages a wide variety of Open Source Intelligence (OSINT) methodologies during this stage to gather as much information as possible to provide a quick and stealthy attack. We utilise a wide array of tools including Maltego, LinkedIn, Google, Twitter, LinkedIn, Facebook and more. The goal is to gather as much information about the target network prior to the engagement commencing so that attacks can happen quickly, quietly and effectively.
Once the team understand the environment, specific attacks will start to be developed based on the information provided. This will include gathering exploits from public repositories, and our own internal custom developed toolkits. In addition, we will commence building out hardware exploitation tools specifically for the Operating Systems, services and devices discovered for the UNSW Canberra environment. Specific environments leveraging our arsenal of tools will be built including NPK, C2 Servers and CobaltStrike to work in harmony with our other attack mechanisms.
Due to the nature of this testing, the Triskele Labs team will work together to delivery the attacks developed in the previous phases. This could include physical testing, web application attacks, external network attacks, internal network attacks and wireless network attacks.
Once all the tools are in place and the team thoroughly understands the network, the true “break in” commences where the team commence exploitation to gain access. Each exploit is utilised as a chain to finally reach privilege escalation and the highest level of administration possible. The ultimate goal is to achieve sideways lateral movement as silently as possible and exfiltrate data without alerting the blue team.
While members of the team are working on exploitation, other team members will commence on creating a beachhead to allow for ongoing privileged remote access. While this task would have been carried out through the engagement through physical and online compromise, the goal is to ensure that this level of infiltration is not discovered. There are many methods that will be utilised for this phase depending on the exact nature of the compromise. It is at this point that a command and control server will be established to maintain persistence.
Throughout the engagement, the Triskele Labs team will report all attack trees and findings through VECTR.io to ensure the outcome our clients are seeking can be delivered. This will support ongoing weekly meetings between the two teams to allow for a truly purple teamed approach.
An often forgotten step in attack simulation is the clean up. The Triskele Labs team will remove all physical devices and online compromises from the network, returning it to the same state as when the engagement commenced.