Red Teaming & Associated services

Phishing Campaign

This test aims to identify vulnerabilities related to the human aspect: internal employees who have access to critical applications and information. The phishing campaign will make employees more aware about cyber security. This will involve sending them a malicious email to identify the percentage of staff who clicked and provide critical information about the company (identifiers ...). A report without personal information on employees will be provided and will make all employees more trained in cyber vigilance.

Physical Security test

This test simulates physical penetration by a malicious stranger. It is intended to reveal the vulnerabilities and risks associated with the physical aspect of security. The objectives defined with the customer may be accessing machines physically, sensitive physical documents, secured rooms or even obtaining a direct access to the network. We will try to access one or more locations, from the outside.

« Assumed breach »

This test simulates an attacker who has successfully broken into the corporate network (for example via a fraudulent email or via a successful physical / IT security breach). The objective will be to identify the shortest path to take control of the customer's “crawn jewel” (eg access to secret data). To do this, our testers will identify a chain of vulnerabilities present in the customer's infrastructure and thus exploit them to achieve the defined goal.

Full Red Team

This test allows a complete attack simulation, containing all the steps of an Advanced Persistent Threat (APT), to be performed by a group of elite ethical hackers. This approach provides a more realistic picture of the state of overall security than usual pentests (which have a smaller scope). This type of test is approached in three dimensions and involves Physical, Cyber ​​& Social engineering tests, making it possible to test the 3 attack surfaces of information security.

First, the team will gather a significant amount of information about the target, then attempt to gain access to the corporate network through a phishing campaign and physical penetration. Once access to the network is obtained, the team will attempt to identify the shortest route to take control of the customer's most valuable resource.

SCADA security test

Critical infrastructures and industrial systems are increasingly dependent on IT, introducing new threats to SCADA systems. Hackmosphere helps organizations through passive and active security assessments.

Passive assessments aim to assess an organization's current security capabilities, which is then compared to the desired level. Active assessments include penetration testing of PLCs and work environments.

Price is 1500£ per day.