Defendza's offering included tailor approach for this client, therefore providing project flexibility and control with the customer. This was based on a two-phased approach, first phase involvined remote execution techniques based around remote social engineering only. This process to be followed up with onsite activity based on the first phase outcomes.
In line with red teaming attack methodlogy, the first and most important phase is the data collection and analysis. This open source intelligence (OSINT) activity involves techniques to obtain wealth of information leaked on the internet already. OSINT techniques vary from finding employee related information (email, social media, geo tagging info), checking leaked credentials to vulnerable devices on the internet.
Using the data obtained in open source intelligence, Defendza carefully carved a campaign targeting only the required group of employees from support function. This is an important step as support personnel often deal with multiple clients, in this case multiple banking clients. It's crucial to avoid any alerts and suspicious on the client-side at this stage. Other activities in this methodlogy include maintaing access after initial foothold, persisting through multiple sources to ensure access is not lost and performing lateral movements for privileges as well as data searches.
Until the objectives agreed with the client before the start of this campaign are met, this activity continues till the defined timelines. The underlying objective of this campaign includes preparing timelines for exact techniques, keeping logs of the work and providing a detailed view of attack simulation to client teams.
A debriefing workshop was conducted for two days to ensure red team has offloaded all knowledge to blue team as knowledge sharing objective (agreed beforehand). This is to ensure that the client undertands and prepares a roadmap for weaknesses identified at strategic and technical levels across the organisation.