Professional Services

Professional
Services

Redaxer provides unique adversarial perspectives into your systems and environments offering multiple consulting services including

Penetration Testing
Red Team Operations
Adversary Simulation

All our services are fully modular, so you can focus the scope of the engagement on specific systems choosing the right activity and we will tailor our service to your business needs, as well as your security priorities. Still unsure? Review our service comparison matrix or talk to an expert. Do not worry, we will work with you to fully understand your organization's needs, goals, and desired outcomes.

SERVICES COMPARISON MATRIX

Below matrix’s show different modular activities that can be fully customized and added to the selected engagement.

	Vulnerability Assessment	Penetration Testing	Red Team Operations	Adversary Simulation
Workstation and Server Build Review
Application Security Assessment (Web, Desktop and Mobile)
Network Security Assessment
Cloud Security Assessment
Code Review
Embedded Devices and IoT Security Assessment
SCADA/ICS Security Assessment
Wireless Security Assessment
Open Source Intelligence (OSINT)
Phishing Campaign
Physical Intrusion
Social Engineering
Custom Evasion techniques
Exploit Development
Tailored Malware
Vulnerability Research

Not sure of what
you need? talk to an expert

Penetration
testing

Application Security Assessment (Web, Desktop and Mobile)

As organisations’ front door, ensuring your applications are secure is an essential part of maintaining a correct security posture as many threat actors will attempt to infiltrate your web applications and underlying software. This test utilizes real world attack strategies to uncover flaws and weaknesses in the application itself and within its relationship with the rest of the IT infrastructure. We can test your web, desktop, mobile and embedded system applications.

CODE REVIEW

Source code review can pinpoint exploitable flaws that cannot be found by normal penetration testing. This activity is executed both manual and automated. We employ automated scanning tools to guarantee maximum code coverage, manually reviewing areas related to application logic and design, which scanners fail to analyse and we review and validate false positives.

CLOUD SECURITY ASSESSMENT

The cloud is an exciting new world that provides limitless opportunities to scale and optimize your business operations taking advantage of the cost benefits, accessibility and flexibility it provides. Unfortunately the rise of cloud-based applications and services that store confidential data creates a prime target for attackers. Whether it’s Office 365, AWS, Azure or Google Cloud, we can evaluate the security of your services, providing you with the assurances you require.

EMBEDDED DEVICES AND IOT SECURITY ASSESSMENT

Internet of Things (IoT) is growing fast and organisations all over the world are utilising the benefits embedded devices can bring. Unfortunately, they have security gaps that threat actors continue to take advantage of. We can review all of your IoT devices analyzing each component and the interaction between them, spotting weaknesses that may otherwise go unnoticed.

NETWORK SECURITY ASSESSMENT

Network infrastructure is critical to the day to day operation of your organisation. Threat actors attempt to gain access to an organization’s internal systems by leveraging these assets. We will focus on exploiting and discovering vulnerabilities on different types of networks associated devices and network hosts, in order to gain access to critical systems or data.The purpose of a network security assessment is to ensure that the infrastructure and systems’ layers have the appropriate security posture.

SCADA/ICS SECURITY ASSESSMENT

While in the past, SCADA systems were isolated from other networks, today's businesses typically require data to be transferred between information technology and operation technology systems, creating the potential for attackers to compromise them. Impact of an Industrial Control System (ICS) breach goes beyond data loss, it can result in gargantuan intellectual property and financial manufacturing losses. In critical infrastructures’ case it could even impact lives. We understand the fragility of environments used in industrial systems and tailor our tests to suit your environment.

VULNERABILITY ASSESSMENT

Vulnerability Assessment is the process of regularly analysing, classifying and categorizing the vulnerabilities of an organization’s network and systems, building a list of known flaws and how to fix them. We provide an advanced analysis of client's vulnerabilities, assessing both the risks related to the business and remediations’ complexity, allowing the management to prioritize patching.

WIRELESS SECURITY ASSESSMENT

Wi-Fi signals often extend beyond the physical perimeter of an organization’s site and even if Wi-Fi attacks require physical proximity to the target, this is typically not a barrier for a determined attacker. Compromised Wi-Fi networks can be easily used as an initial foothold from which to attack the rest of the organisation. We thoroughly perform wireless assessment, including publicly known issues as well as potential problems unique to the client.

WORKSTATION AND SERVER BUILD REVIEW

A build review is a full review of a operating system configuration and security posture from an authenticated perspective. Build reviews are carried out comparing the configuration of workstation and/or servers against industry standard best practices, specifically with the aim of identifying the following: OS patch level, weak security settings, user accounts and password settings, weak file and directory permissions, installed applications and associated version information, and patch level.

Red teaming
operation

OPEN SOURCE RECONNAISSANCE

All offensive operations, be they in the cyber realm or the physical realm, must have a solid intelligence foundation. All our operators are well versed in the art and science which is Open Source Intelligence (OSINT) and Reconnaissance. This kind of activity involves the use of publicly available sources (from search engines, Pastebin, Shodan & Censys to various social media platforms) to collect information about the target. All the single bits of information gathered, when aggregated, can give a pretty solid picture of how an organization functions.

PHISHING CAMPAIGN

Most targeted attacks (APT) campaigns start with a spear phishing email, a single click can have devastating effects. We will imitate phishing campaigns in order to safely determine whether your employees are vulnerable, and what types of phishing are most likely to fool them. Manage risk and prevent such attacks from being successful by deploying a phishing campaign test.

PHYSICAL INTRUSION

Physical intrusion against buildings and facilities have the goal of stealing physical assets, including but not limited to: laptops, USB drives and intellectual property gaining access to business critical areas. The service provides a unique view on corporate’s physical security posture. We will perform full attacks on physical locations which include piggy backing, lock picking, camera avoidance, impersonation, badge cloning, and multiple other techniques trying gaining access to the facility.

SOCIAL ENGINEERING

Social engineering is a breach tactic which involves using deception in order to gain access or information that will be used for malicious purposes. Attackers are finding it significantly easier to circumvent stringent perimeter defenses by targeting the organization’s user population. We will perform on-site social engineering attempting to gain physical access to intellectual property, sensitive information, and access to critical systems targeting organization’s target employees.

Adversary
symulation

EXPLOIT DEVELOPMENT & VULNERABILITY RESEARCH

We perform our research in order to discover unknown vulnerabilities in widely-deployed products and technologies, fine tuning and crafting our exploits for custom environments or applications in order to mimic advanced threat actor and simulate real-world adversaries.

CUSTOM EVASION TECHNIQUES

We constantly develop and research custom evasion and bypass techniques. We will put your firewalls, monitor appliances, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewalls (WAF), Endpoint Detection and Response solutions at the limit of their capabilities.

TAILORED MALWARE

We can re-engineer known malware in order to mimic advanced threat actor and simulate real-world adversaries. We constantly develop and fine-tune our toolset: nation-state grade implants, payloads, C2 frameworks and bespoke malware.