Adversary Simulations and Purple Team Exercises

To adequately defend ourselves, we need to understand how attacks occur.

Analysts watch dashboards full of false positives and waste time tracking down alerts that turn out to be benign. With purple team exercises, you'll pinpoint which alerts indicate a real compromise and filter out the noise. Understanding how advanced threat actors move through networks allows defenders to monitor and alert on suspicious behaviors before any damage is done.

Our offensive security experts are specially equipped to simulate real-world attacks that APT groups use in the wild. Using the ATT&CK Framework from MITRE as a baseline, supplemented with our offensive techniques, we step through every phase of an attack from network enumeration to privilege escalation to full domain compromise. We'll help verify your existing controls are working by executing attacks in your environment in a controlled setting. We'll pull the curtain back on how attackers exploit a target.

Techniques covered include:

Initial Access

  • Phishing Link
  • Phishing Attachment
  • Password Spraying
  • Removable Media
  • LLMNR/NBT-NS Poisoning (Responder Attacks)

Persistence

  • AppInit DLLs
  • Component Object Model Hijacking
  • Created Account
  • Launch Agents
  • Login Item
  • Registry Run Keys
  • Silver/Golden Tickets

Privilege Escalation

  • Access Token Manipulation
  • AppCert DLLs
  • DLL Search Order Hijacking
  • SID-History Injection
  • Sudo Caching

Lateral Movement

  • Logon Scripts
  • Pass the Hash
  • Pass the Ticket
  • Remoting Services
  • WMI
  • Credential Relay

Credential Access

  • Credential Dumping
  • Credentials in Registry
  • Kerberoasting
  • Two-Factor Authentication Interception