What is it?
The applications and services exposed to the Internet are among the most critical assets of an organization, due to their constant exposure to possible external attacks by hacktivist groups, cybercriminals and governments. Just as important is security inside the perimeter, where an insider, such as a disgruntled employee, or an attacker who has managed to penetrate the network perimeter, can put the entire organization at risk by altering or destroying valuable data or exfiltrating it abroad. These problems are compounded by the increasingly common use of cloud services, where the need to collaborate with different providers blurs the boundaries of trust and hinders the correct implementation of security measures.
For this reason, it is important to subject external and internal applications, services and infrastructures to simulated attacks. Adversary simulation must be based on real campaigns, reproducing the same TTPs (Tactics, Techniques and Procedures) used by malicious actors. This makes it possible to identify and quickly correct any weakness that could be used against the organization, while also improving detection and response capabilities.
At Zerolynx we have extensive experience in the delivery of offensive security and adversary emulation services, working with large national and international clients across all sectors. Based on that experience, using our own and third-party tools, and combining them with manual testing, we are able to effectively and efficiently find complex attack paths that could compromise the confidentiality, integrity and availability of our clients' assets.
Through these exercises, we deliver a risk analysis based on proven facts, demonstrating the real impact more effectively than a simple enumeration of vulnerabilities, and thus showing the real risk to which a company is exposed.
Below, our main cybersecurity exercises are listed:
Source code reviews: Applications for smartphones, web systems and desktop clients are some of the main systems used by companies to provide services to employees and customers. It is vital to review their security before releasing them to production, in order to avoid public data exposure and damage to confidentiality, integrity and availability. We are experts in reviewing applications in languages such as Objective-C (iOS), Java (Android), C# and Visual Basic .NET, J2EE, MVC, C++, C, etc.
Services & external and internal applications: Applications and services, both internal and external, are among the main assets of an organization, so their security is vital. We review all of them and advise you on how to solve your main problems (code injections, buffer overflows, impersonation, etc.).
Network elements & Perimeter protection (firewalls): Perimeter protection systems are the first line of defense against threats from outside the network, and protect demilitarized networks from attackers and intruders. Their regular review is fundamental, and they must be patched and configured appropriately to guarantee their effectiveness and efficiency. We check their current status and help you parameterize them to block attacks.
Networks & Internal systems: We review the security of your network and internal systems in order to identify possible security weaknesses that could be exploited by an insider, such as a disgruntled employee, or by users accessing your network through a poorly protected wireless network or an exposed workstation.
Active Directory & LDAP: LDAP stands for Lightweight Directory Access Protocol, an application-level protocol that provides access to an organized, distributed directory service for looking up diverse information in a network environment. Maintaining a directory tree that is orderly, well configured and protected by adequate security measures is vital to guarantee a homogeneously protected network.
User workstations: Laptops, landlines and tablets are the main devices employees use to perform their tasks and, therefore, one of the main sources of security problems in an organization. Generic administrator accounts, outdated operating systems, insecure software, and weak hardening policies at the BIOS/UEFI and Windows level are common problems found regularly in companies around the world. It is therefore advisable to check their security constantly, and to configure and maintain secure corporate operating system images.
Mobile devices & MDM solutions: In recent years, smartphones and tablets have become commonplace in companies, and indispensable in many cases. These devices are small computers that likewise contain confidential information and have access to critical company services. Their security should therefore be equal to that of work computers, and often higher, since their small size makes them easier to lose. Security reviews of corporate mobile devices and their management solutions (MDM) should be routine, and should be formalized within the cybersecurity review campaigns that cover the rest of the corporate devices.
POS terminals & Payment gateways: POS terminals (physical and virtual) and payment gateways are services used regularly by companies to facilitate the purchase of products and services by their customers. Their security is vital, because malicious use can cause catastrophic economic losses, together with sanctions for non-compliance with regulations such as PCI-DSS or directives such as PSD2. Reviewing their security is one of our specialties, and we have extensive experience reviewing a large number of physical and virtual POS models (web, Android and iOS) and identifying 0-days in the main suppliers on the market.
IIoT: Industries have evolved, become automated and acquired powerful machinery designed to produce their products and services in the most efficient way. These instruments are generally controlled by industrial control systems, which control and monitor the activity, and by various probes, PLCs, actuators, etc., which are in charge of operation. With a large number of suppliers such as Siemens, General Electric, Schneider, ... and a multitude of protocols, such as Modbus, among others, the cybersecurity review of these systems becomes a complex task within the reach of only a small group of experts. This problem is compounded by the fact that these systems can rarely be reviewed outside of a production environment, which requires auditors to exercise special care and to have specialized knowledge when performing their work. Our experts have extensive experience in sectors as diverse as the pharmaceutical industry, the food industry, oil & gas, and the textile industry.
Red team: Through red teaming we seek to emulate real threat scenarios that an organization could face, analyzing security from the point of view of an adversary. Our red teaming approach has the dual objective of training people and of checking the effectiveness of the processes and technologies used to defend corporate environments. During the exercise, we execute a series of scenarios that test the organization's ability to detect, respond to and recover from an attack. The red team, using Tactics, Techniques and Procedures (TTPs), helps to build a deeper understanding of how the organization would behave when facing a real threat scenario, making it possible to identify existing weaknesses more accurately, and therefore helping to prioritize and focus on those areas where you really need to improve.
Exploits & 0-days: A 0-day vulnerability is a security flaw that is generally unknown to the manufacturer, and therefore to the organizations that use its products, making it an unresolved problem that can cause a significant security breach. Our development and cybersecurity team has experience in the development of exploits and the exploitation of 0-day vulnerabilities, which can be used to help in the discovery of vulnerabilities and in support of patching tasks.