Most organizations fail to realize that threats are very dynamic. The main weapons of choice for an attacker is their imagination and time. It’s a “what can I do with what is presented to me” mindset that attackers use. This and time are the key ingredients to an attackers arsenal. Organizations are fighting against a human mind, the most dynamic force known. In order to protect your organization, you need to start thinking how an attacker with a dynamic imagination would use what you offer them to cause an incident or breach. That’s very hard when you are stuck in the “Blue Team” mind set.
At FBS, we offer Pen Testing with a twist. We like to think of it as a “Purple Team” engagement. Yes we will Red Team your organization, but we insure we follow up with detailed reports on what we did and how you can protect against it. But it is more than an if/else engagement. We can work with your Blue Team and help educate them on the mindset used. This will empower them to understand how an attacker thinks and how to apply that knowledge to their environment for Protection and Detection.
RECONNAISSANCE
Reconnaissance is the “what are your presenting” aspect of an attacker. At FSB, we dig deep into what your attack surface area looks like. We use open source as well as in house proprietary tools to create a data lake of your organizations information. We also will inject pivot data that is exposed from your employees. Social engineering is still the easiest way to gain access to an organization. We will ingest all relevant data that an attacker can use. Remember, an attacker does not play by any rules, neither will we for our engagement. We will provided that data to your organization post engagement so you have a better understanding of your attack surface and where the risks are.
Pin Pointed Assessments
At FSB, we also can assess specific risk areas. Below is a list routine areas that needs assessed to avoid a breach. We can assess a single section of you organization, or all of them:
- Internal Pentest
- External Pentest
- Data Ex-filtration / Command and Control
- Application Testing
- Configuration Hardening