
CYBER EFFECTS & SOLUTIONS

Intelligence & Reconnaissance

The initial phase includes gathering information about the target infrastructure or organization. This process includes active reconnaissance methods such as network enumeration and scanning in order to identify potential vectors or entry points. Our recon utilities include Nmap, Zmap, Netcat, Wireshark, etc.

Weaponization

As we discover potential targets and access vectors against the target infrastructure, we will then proceed to equip ourselves with the appropriate offensive tools to support our attack chains. This includes tailoring or engineering necessary scripts/programs or malware to carry out our intended objectives.

Initial Access

After identifying weaknesses and entry points, we attempt to breach the target environment. At this point, the main focus is gaining and maintaining the first foothold within the target network, which enables us to establish a presence and execute exploitation tactics. Some of these initial access methods may include spear phishing, brute-force attacks, SQL injection, etc.

Active Exploitation

This process of active exploitation involves the tactics, techniques, or procedures needed to effectively exploit any vulnerabilities identified during any intel/reconnaissance. Exploiting weaknesses within the target system enables us to proceed with our intended cyber effects (denial, degradation, disruption, etc.).

Payload & Malware Deployment

During the attack campaign, we may deploy payloads or malware to enable backdoors, C2 communications, exfiltration or similar capabilities. These payloads will be critical to achieving post-exploitation actions or long-term persistence mechanisms for the offensive operator. The binaries or malware are usually tailored during the weaponization phase.

Command and Control

During this portion of the attack campaign, we establish communication channels (HTTP/HTTPS, DNS, etc.) in order to effectively control the compromised hosts or networks remotely. Additionally, this enables further remote execution to carry out additional attacks, exfil, or effects. We have experience in different C2 frameworks such as Cobalt Strike, Metasploit, Empire, as well as custom-developed C2 utilities.

Cyber Effects & Objectives

After careful coordination and planning, we then finally execute offensive cyber operations that align with our strategic objectives and the customer's requirements. As mentioned above, this can include disruption, manipulation, exfiltration or denial against critical services, communications, or infrastructure.

Documentation

Lastly, when the attack campaign is carried out and executed, the customer will receive complete documentation on every process and method involved against the target. This will include extensive reporting on vulnerabilities, exploits, initial access vectors, post-exploitation actions, command and control, payloads, and inputted commands. Depending on your organizational requirements, this documentation deliverable is highly malleable and dynamic. We ensure the highest prioritization for your requirements.