Feisty Fox Security’s Red Tiger Team Attack Simulation Service is designed to identify the weakest points in an organisation which an attacker may seek to exploit. We use the same approach, mindset and techniques employed by real adversaries. We are not limited by a specific scope or a strict deadline, as we deliver the engagement over a long period of time, typically 6 – 12 months, giving us the time necessary to organise and carry out the attack and to reach the identified objectives. Our security experts set objectives based on the customer business and create and execute attack scenarios.

Methodology

Feisty Fox Security and the customer will determine which assets are most important to an organisation, which could include:

  • intellectual property (IP);
  • customer data;
  • safety (physical assets, people); and
  • business continuity.

It is imperative to understand what the adversary will try to obtain or achieve in order to determine what the objective(s) are. Objectives could include any of the following:

  • Steal IP, customer data;
  • Damage business reputation or relationships;
  • Conduct Industrial espionage or gain competitive advantage;
  • Gain undetected persistent remote access;
  • Gain remote control of a system; and
  • Disruption of service.

Based on the objectives set, we search for weak points within the organisation, using various resources such as:

  • open source information;
  • threat intelligence analysis;
  • passive and active scanning;
  • digital and physical reconnaissance; and
  • dumpster diving.

Once a weak point is identified, we create an attack scenario and set up the environment which could include the following:

  • fake web site;
  • rogue access point;
  • impersonation; and
  • exploit development.

Feisty Fox Security then executes the attack which can be delivered under various forms such as:

  • spear phishing;
  • exploitation of a vulnerability or misconfiguration; and
  • physical access.

Upon successful completion of the attack and the objective reached, Feisty Fox Security will present the findings to the organisation and will provide recommendations to fix or to mitigate the specific issue.

Feisty Fox Security will then search for additional weak points and restart the cycle.

tiger%20team