Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Cyber Attack Simulation

Is your business aware of how much information makes its way onto the internet? Make sure your employees are aware of today’s online risks, and avoid being targeted by cyber criminals.  

Find out more
Download a complimentary copy

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Portfolio

Service Offering Insights

Why choose us?

  • Extensive sector-based experience
  • Focus on service quality, insight, and client business
  • Thorough analysis and reporting to cater management and technical audience
  • Our proposals are customer centric, no fixed sales packages offered
  • Aftercare support includes debrief and help with the remediation plan

Our qualifications

Defendza as a business, as well as its consultants, are equipped with some of the best-known certifications, accreditations and qualifications globally. These include CREST, GCloud 11 Framework, ISO quality management certifications for the business and our consultants are Ex Check Team Leaders/CCT Infrastructure (2012, 2015) and Web Applications (2009,2012,2015), OSCP (Offensive Security Certified Professional), CREA (Certified Reverse Engineering Analyst), CREA (Certified Binary Auditing Expert), CISSP (Certified Information Security Systems Professional), SANS GSEC & GCIH Silver (Hacker Techniques and Incident Handling), CCNA (Cisco Certified Network Associate), CEH (Certified Ethical Hacker). 

Key benefits

Conducting regular penetration assessment offers the following benefits:

  • Assess your security controls and approach towards cyberattack preparedness
  • Manage your network based risks in a structured and organised manner.
  • Evidence of compliance with ever changing regulatory/certification requirements.
  • Assess your corporate security culture including passwords, patching, and auditing, logging and information storage practices.
  • Assuring your supply chain (suppliers, vendors) that you take the security of your data seriously.
  • Protect your client loyalty and brand image by demonstrating security adherence.

Red/Blue/Purple Team - what?

Red Team - A cyber attack simulation carried out to conduct a real life attack for assessing the attack preparedness.

Blue/Purple Team - These are exercises where we work in collaboration with your security teams to ensure it is a learning exercise to improve your detection and response capabilities

Reasons for Network and Infrastructure Related Assessments

Given the advancements in Tactics, Techniques, and Procedures (TTP), organisations must evaluate people, processes and the technology in use to avoid potential loss of Confidentiality, Integrity and Availability of their data. The best way is to seek validation from an  independent third-party organisation such as Defendza to identify gaps in the current security controls across the estate or specific assets, such as devices in use. With this assessment, you should not only get a picture of your current situation, but also help and knowledge sharing to address the identified risks.

Check your business' ability to deal with a real-time attack.
Call Us Now

Our Approach

At a high level, our approach towards attack simulation (Red Team) assessments is as follows:

Step. 1
Scoping and Customer Insight

When you decide to give us the go-ahead, our very first step is to gain insight into your motivation, so that we can advise on your real concerns. The comprehensive process we go through to understand this determines the vision for the project. At the technical level, this includes assets to be included, their fragility and importance to the environment. 

01

Step. 2
Reconnaissance and Intelligence Gathering

The first step of reconnaissance activity includes passively identifying the hosts and services visible on the Internet. This includes limited Open Source Intelligence phase. During red teaming or related offensive security projects, this exercise involves extensive information gathering about a customer's people, processes and technology in use. Research based threat intelligence is an integral part of any offensive exercise.

Overall, the aim of this phase aims to harvest as much information as possible about your organisation that would be used for later phases.

02

Step. 3
Red Team Setup

This phase involves attack infrastructure setup, and in detail requires many inputs from the OSINT phase performed previously. These include email and related infrastructure software base in use, cloud providers, content delivery networks (CDN), and related pieces of information. 

At a high level, based on voice, email and other scoping items, infrastructure setup and test cases are prepared for execution.

03

Step. 4
Attack Execution

  • The first foothold is gained on the client infrastructure via any of the email phishing, voice phishing or malicious USB drops. 

  • Recon followed by Privilege Escalation attempts to achieve the highest level of access on target systems
  • Internal Recon to enumerate information about people, processes, and technologies in internal segments

  • Move laterally across different network segments.

  • Achieve and maintain persistent access across different paths

  • Agreed objectives are assessed, supported evidence is taken out and verified with client

04

Step. 5
Reporting

The assessment-execution phase is followed by the analysis & reporting. Defendza performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels. 

05

Step. 6
Communication & Debrief

We take customer communication as seriously as reporting or assessment execution. We engage with customers during all stages, and ensure that customer contacts are up to date in the language they understand. Post engagement, a free debrief is conducted to help the customers understand the weaknesses and prepare a mitigation plan.

06

Related Resources

Testimonials

"My experience to date with Defendza has been very positive, I look for a flexible, knowledable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company