Our comprehensive tests include checks for:

Cross-site scripting

Input Validation

URL Manipulation

Code Execution

Hidden Variable Manipulation

Buffer overflow attacks

SQL injection

Authentication / Authorization Bypass

Session hijacking

Cookie Modification

Virus Detection

… and more!

The goals of your red team security tests may include:

Discover how security weaknesses can be leveraged to gain unauthorized access to information resources

Determine the effectiveness of novel attacks or combined techniques (such as phishing combined with penetration testing)

Identify key vulnerabilities that can realistically be exploited by hackers and provide recommendations

Here’s how LMG’s red teaming works in 4 steps:

Step 1: Determine the Rules for the Road

To begin, LMG will work with your team to establish the “rules for the road” and
unique goals for your assessment. You can decide:

  • Scope of the testing – determine permitted and prohibited facilities and attack vectors
  • Testing targets – we work with you to create a series of “flags” that may mimic PII,
    customer information, intellectual property, etc. that serve as the targets for the attack team
  • Actions we should take upon intrusion
  • Which of your organization’s team members will be aware of the test
  • When and how often you would like to be notified of tests
  • How aggressive we should be in our different types of testing

Step 2: Initial Reconnaissance

We will conduct initial reconnaissance and present your team with an attack plan (if
desired). The initial reconnaissance phase may include:

  • Port scans
  • Social media scrapes
  • Researching your organization’s online presence
  • Email harvesting
  • Physical facility mapping and remote examination
  • And other activities…

Step 3: Conducting the Attack

Our experienced testers follow the “intrusion kill chain” model. They are given creative freedom to “think like hackers” and select from a variety of attack vectors (selected from within your guidelines if you require restrictions). Upon obtaining access to the target flags, LMG’s testers will take previously agreed upon actions that can include: capturing images of the flags, exfiltrating data, attempting to bypass data loss prevention controls to exfiltrate data, and more.

Step 4: Results Analysis and Reporting

After the red team testing activities, we analyze the results and deliver detailed reports that
help you strengthen your security posture. Our reports include:

  • Executive summary
  • Narrative of red team test process and findings
  • Detailed technical results
  • Top Risks
  • Remediation matrix
  • Automated vulnerability scanner results and other raw data collected during the
    assessment
  • Presentation of results (60-90 minutes), for your chosen audience (optional, if desired)

Deliverables:

Our detailed reports include an executive summary, prioritized findings and remediation
recommendations that help you build a stronger network defense. LMG’s experienced team will
provide:

  • A test design and schedule for your approval
  • A post-mortem working session with your team to provide positive training and guidance
  • A detailed report that includes:
    • Executive summary
    • Overview of findings
    • Detailed methodology
    • Detailed technical findings, prioritized according to risk level
    • Recommendations for remediation

At LMG we believe in holistic security. We can also perform attack detection and response testing in
conjunction with our external penetration testing for broader vulnerability management across the
entire network.

For more information on our cyber attack detection and response services, please contact us.

For more detailed information on red team testing, please contact us