Assume breach – Pentest for the mature organization
A comprehensive security test based on realistic scenarios such as an employee’s machine being compromised with malware. The test is relevant for organizations that have a certain level of maturity. It uncovers deep-seated and context-dependent vulnerabilities and setup errors.
Benefits of Assume breach
- Users are often one of the weakest links. Find out what a cybercriminal can do with a compromised user account.
- Get visibility into vulnerabilities that can give a user too many rights
- Test your physical network setup
- Detect network and Active Directory errors that a hacker could exploit to move between your devices
How an Assume Breach test works
Assume Breach is a dynamic form of testing where the goal is to prove how to get from A to B rather than uncovering all vulnerabilities on the network.
In the process, we uncover real vulnerabilities and setup errors that are tested specifically in your network context and demonstrate how they can be exploited to gain rights on your network.
The test focuses on determining whether you can access systems and data that are particularly critical to you.
We use methods that can grant the user more rights on the local device and in the network, and we test the robustness of the defenses that are set up and whether vulnerable products are installed that we can exploit.
The approach is dynamic
Overall, we explore what it is possible to do with a computer without a user and with a standard user when accessing your location.
First, we examine the machine and your default image for local vulnerabilities that we can exploit to, for example, escalate user privileges.
We also investigate if there are applications that are set up incorrectly so that we can exploit them to escalate the attack.
Then we try to escalate the attack into the network. Among other things, we investigate:
- Are there devices on the network that the user has access to and can the rights on these be escalated?
- Is there data on the network that we can use to escalate our rights?
- Are there vulnerabilities in the systems that can be exploited to gain access to servers?
- Is relevant traffic sufficiently encrypted or can we intercept data that can be used to gain access to multiple systems?
- Are there inappropriate setups in AD groups that different users are members of that allow unintended systems or information to be accessed?
A key part of the test is a thorough examination of your Active Directory with different test users.
We have a toolbox of scripts that we’ve collected and are expanding along the way. They will be tested on your machine and systems.
We also have a checklist of test cases that our consultants have created and expanded over the 10+ years they have been working with these things.
How often is an Assume Breach test performed?
Assume Breach testing is typically performed once a year. The output of the test can help highlight where you should focus your resources to improve your overall security level.
An Assume Breach test can also become relevant on an ad hoc basis if you have made major changes to the infrastructure or if the board suddenly announces that they want a realistic cybersecurity test carried out.
Reporting
The work culminates in the preparation of a detailed report documenting the choice of methodology and test cases and providing prioritization of vulnerabilities and suggestions for mitigation.
The report will be in two parts: a management summary that, in non-technical terms, briefly describes your current level of IT security, and a technical section describing the vulnerabilities found and, most importantly, how to fix them and make a potential attack more difficult.
We would like to have a debriefing meeting with you.
Get in touch with us below to receive a dummy report.
Contact us
Phone number
+45 77 41 44 14
Address
Hørkær 26
2730 Herlev, Denmark