

ADVERSARY EMULATION

The Ultimate Red Team Engagement

Challenge your People, Processes, and Security Technology against custom-tailored adversarial scenarios. Our team provides one of the most comprehensive security portfolios of capabilities. We can augment your team with offensive and defensive expertise to make our team an extension of yours.




Engagement Overview

What is Adversary Emulation?

Adversary emulation, also commonly referred to as a Red Team exercise, is meant to provide comprehensive, real-world conditions that demonstrate the substantial risks posed by adversaries operating today. The results of these assessments provide your security team with the following:

  • Improved security awareness and training to meet many of today’s SOC KPIs
  • An assessment of SOC and leadership team readiness levels, ability to respond, and ability to handle incidents
  • An assessment of security control effectiveness and the uncovering of critical security gaps

Adversarial Attack Lifecycle Mapping



Capabilities & Features

Discover how our team works, executes and delivers world-class cybersecurity expertise to government and private sector organizations.


Persistent Red Team Operations™

Our team has the capabilities and experience to run long-term, persistent-style Red Team engagements spanning up to 6 months in length. This capability is rarely found in our industry, and it pushes some companies’ boundaries to produce actual threat and adversary replication.


Strategic Engagement Planning

Whether you want a Black Box or Purple Team style engagement, our seasoned Red Team Operators and Management team can help you design and deliver the ideal test for your organization. At Obscurity Labs, we understand that it’s about more than just breaking defenses. It’s about helping identify the security control and operational gaps that will prevent the next breach.


White Cell Collaboration

Communication is critical to the success of Red Team operations. We take this real-time communication aspect very seriously and provide direct access to Obscurity Labs resources for deconfliction and for strategic and tactical decision processes. Our goal is to ensure our customer has the proper channels for escalation and clear guidelines in place.



Environment Strength Observations

During the assessment, the Red Team often encounters security controls that prevent its activity or force the team to adapt to the environment. These strengths should be noted and lauded. An organization that understands its strengths will have a more significant impact on the overall security of the network. Our team always captures these for future reporting, so your security team has the best data on which tools and processes had a high rate of success.


Gap & Risk Analysis

During Red Team operations, our team will become extremely familiar with your environment, key cyber terrain, and business unit operations. Our team does this to ensure we can provide an unbiased risk- and gap-based analysis of our findings. We provide key finding details and detection recommendations as part of our deliverables.


Executive Out-brief Support

One of the overlooked components of offensive engagements is providing executive leadership and stakeholders with vulnerabilities, metrics, and outcomes during the reporting stage. Obscurity Labs provides on-site or virtual out-briefs to executive leadership tailored to the business unit’s requirements. We use this time to ensure the narrative of the test outcomes is properly received and understood.


Custom ROE

Our service adapts to most of today’s threats and can successfully provide you with real-world emulation of those threats. With that comes extensive paperwork! We make it easy: you fill out a form, and we provide a custom ROE based on the on-boarding and scoping process, which ensures we protect you from unnecessary actions that could impact your business’s operations. We provide descriptions and expert guidance when planning your next Red Team!



Documentation & Reporting

We provide custom-tailored reporting in the format you prefer.



On-tap Security Consulting™

When you enroll in an Adversary Emulation Engagement with our team, you gain exclusive access to our On-tap Security Consulting team. This means we stick with you for the entire year: we summarize findings and perform quick analysis of duplicates. Ask our team about any security concerns, implementation questions, or ways to improve. We are here to help you! We are more than a pentest company!



What Sets Us Apart

RED TEAM TTPs

We take our TTPs seriously. We are capability driven.


CUSTOM TOOLING

Extensive work has been completed to create custom payloads, loaders, implants, persistence, and lateral movement TTPs. It’s critical that we educate and teach our clients through the IOCs generated, to help their teams create effective IOCs.

INFRASTRUCTURE

Our team uses a variety of owned, cloud, and third-party services to achieve real-world, threat-representative engagements. This allows your team to focus on Hard IOCs rather than hunting down Soft IOCs that may only scratch the surface of the training event.

SANDBOX TESTING

Every agent we deploy is tested in-house against sandbox technology to ensure we are objectively leaving behind the correct IOCs for our counterparts. This ensures our team is delivering real-world, replicative threats.

AV/EDR TESTING

Our team tailors its implants around a large subset of the market-leading AV/EDR products to ensure we are providing capabilities matched to Nation-State APT TTPs.

PRODUCTION SAFE

A critical component of a Red Team’s maturity is the ability to thoroughly test, maintain, and develop in a secure environment. This comes with the need to thoroughly test TTPs in an environment with as close to production parity as possible. Our team is one of the few that has an on-staff agent development team!

ONNET OPERATORS

Every single operator is extensively trained on the tooling and the capabilities our tools contain. This reduces the risk for the client while providing extensive IOCs for recovery. Our operators have experience operating in environments ranging from SCADA to Cloud Converged.

DATA CAPTURE & REPORTING

We capture and log throughout the engagement to ensure we record as much of the operator’s intent as possible. This data and timeline will help grow your security team’s analytical capabilities and help them understand the attack’s anatomy.

COVERT OPS

An engagement without varying levels of complexity and capabilities to achieve objective targets is useless. It provides no real-world value or simulation training for today’s defenders. Our team uses multiple TTPs depending on the complexity and maturity of your environment.

Methodology

How It Works

The fully integrated system provides live updates and complete security of inbound and outbound data.


Phase 1

Onboarding & Scoping

We work with the client to establish an MSA and Rules of Engagement (ROE) and to define a Work Breakdown Structure (WBS). This allows our team to work closely with your stakeholders and security team to put in place a testing schedule that meets your business requirements. Our team will spend the time to fully understand your objectives so we fully meet your requirements.

Phase 2

Effect & Objective-Based Planning

Key factors, or KPIs (Key Performance Indicators), that many security teams and SOCs need to effectively test and plan for are specific identified Threats & Risks. Some of these risks are often identified for our team as Targets or Objectives to complete during Adversarial Emulation events. This is a driving factor that many Red Teams & Blue Teams often miss when planning. We make sure this is at the forefront of our scoping to ensure we effectively help reduce or understand your current risk.

Phase 3

Reconnaissance & Targeting

The External Footprinting phase of Intelligence Gathering involves collecting response results from a target based upon direct interaction from an external perspective. Our goal during this phase is to ensure we have as complete coverage as possible for external and internal testing.

Phase 4

Physical or Perimeter Scanning & Exploitation to Establish a Foothold

Our team spends the required time on intelligence gathering to ensure we have all the information required to breach your external boundaries successfully. Using common Tactics, Techniques, and Procedures (TTPs), our team has extensive experience in the exploitation and phishing tactics often used by today's adversaries.

Phase 5

Privilege Escalation, Attack Mapping, & Lateral Movement

Using standard and custom Tactics, Techniques, and Procedures (TTPs), our team uses its expertise to safely and effectively gain access to environments of interest. Finally, using privileged access, our team will use stealthy or simulated-breach scenarios to access resources or objectives.

Phase 6

Objective Targeting & Operational Completion

We understand that Red Team Assessments are not only about obtaining privileged access. Our team has extensive knowledge of threat actors and their Tactics, Techniques, and Procedures (TTPs). We use this during the engagement to fully emulate the chosen threat. We perform true threat replication through to completion to ensure our blue team counterparts obtain operational training.

Phase 7

Reporting, Documentation, & Executive Outbrief

Finally, our team puts together an extensive engagement report with reporting data, an assessment overview, an executive summary, assessment results, and detailed vulnerability results. We also provide access to our hosted internal threat library, with all attack chains mapped from start to end. Our team conducts a remote or on-site out-brief with your executive leadership, so they fully understand the risks, remediation, and team recommendations.