Adversary Simulation

Adversary Simulation, commonly called Red Teaming, allows organisations to test their People, Process and Technology layers simultaneously to evaluate how their defensive controls stand up against motivated attackers.

Hunnic Cyber works with you to emulate well-resourced and sophisticated adversaries attacking your organisation, enabling you to improve your cyber resilience and enhance your cyber security maturity.

We work with you to establish your threat profile and identify your critical assets. We then start our simulated targeted attack process to go after your "crown jewels".

Once the engagement concludes, we provide you with actionable recommendations to improve.



Attack Process

Adversary Simulation

Methodology

1. Reconnaissance

During the first phase, extensive Reconnaissance is conducted against your organisation - your internet footprint, social media, and external services are assessed.

2. Exploitation & Persistence

Command & Control infrastructure is built, custom malware is authored and then three rounds of phishing - Pre, Bulk, and Spear - take place. Persistence is achieved via Registry, WMI, VPN or Scheduled Tasks.

3. Privilege Escalation

Once persistence has been achieved, Active Directory enumeration is conducted, workstation patch levels & configurations are assessed, and network shares are enumerated.

4. Lateral Movement

Employing the TTPs of known threat actors, and using tools such as Rubeus, SharpHound, SharpSniper, & Mimikatz, the lateral movement phase continues until we have reached our target.

5. Operational Impact

At the end of the engagement we provide a detailed report and a live presentation, outlining the technical risk to your cyber engineering team and translating our findings into business risk for your senior management team.

Threat Emulation

Sophistication

1. FIVE EYES – (GCHQ, NSA)

Supply chain attacks, undersea cable interception, quantum computing

2. MID-LEVEL NATION STATE

Custom implants & toolkits, polymorphic malware, exotic C2 protocols, spear phishing

3. CYBER CRIMINAL GROUPS

Mass-scale automated scanning and exploitation, bulk phishing, credential harvesting

4. HACKERS

Opportunistic, application and infrastructure focused, public exploits

5. HACKTIVISTS

Social media, phishing, low competency

6. SCRIPT KIDDIES

Use of scripts, third-party tools solely, extremely limited sophistication

    Your Security Controls

    Assessed

    Perimeter Controls

    • Employee Security Awareness and Phishing resilience
    • Email Filtering
    • Email Anti-Spoofing Mechanisms
    • DNS Filtering
    • Web (HTTP / HTTPS) Filtering
    • Network Filtering

    Internal Controls

    • Malicious Network Activity Detection
    • Monitoring and Incident Response
    • Protection of Privileged Accounts - Domain Administrators
    • Protection of Privileged Accounts - Service Accounts
    • Domain Security Policy
    • Data Loss Prevention
    • Patch Management Policy
    • Weak Password Policy
    • Network Segregation

    Workstation Controls

    • Workstation Hardening
    • Antivirus / Anti-Malware
    • Application Whitelisting
    • Protection of Privileged Accounts - Local Administrators
    • Application Security Settings
    • Employee Laptop Protection

    Red Team

    Benefits

    HOLISTIC 360 DEGREE ASSESSMENT

    • Your organisation's internet footprint is assessed
    • Your employees' phishing awareness is assessed
    • Your inbound/outbound technical controls relating to emails are assessed
    • Your HTTP(S) proxy and DNS split horizoning are assessed
    • Your endpoint protection (AV & EDR) is assessed
    • Configurations of corporate builds are assessed
    • Your file shares are scanned, and your Active Directory is assessed

    Security

    Research

    At Hunnic Cyber we believe that in-house security research is paramount, and we have regularly contributed to the Red Team community.

    We have developed well-received post-exploitation tools such as SharpSniper, an anti-virus evasion tool dubbed Fene, and an Active Directory password spraying tool called SharpDomainSpray, and recently released one of the first Machine Learning Red Team tools in the industry, dubbed SharpML.



    Red Teaming

    Reference

    I worked with Hunnic Cyber for a red teaming exercise and an external penetration test. We have been fully satisfied in both cases....

    ....We change providers every year and as a result have experienced a lot of penetration testing teams; clearly Hunnic Cyber demonstrate one of the greatest technical abilities....

    ....I can only recommend them if you really want to test and find out where your security needs to be improved.

    Antoine Fabry - CISO at Banque Havilland S.A, Luxembourg



    IN MEMORIAM - Czakó Emerencia Ágnes