Audits and penetration testing

Audits, security assessments, and risk analyses

Performance of external or internal audit activities according to the standards of ISO, NIST, or Czech legislation. We use conventional audit methods and procedures, but also unconventional ways of meeting the objectives of the fact-finding activities, always with the aim of improving the client’s safety level. Penetration testing methods may be used in audit assessment activities.

Penetration testing

Penetration testing is one of our core activities. We perform black box and white box testing of technologies, systems, processes, and human factors safety. Our scenarios are not generic as they are always based on knowledge of asset value, understanding of vulnerabilities, threats, and risks. In cybersecurity, our penetration tests are fully aligned with NÚKIB (National Cyber and Information Security Agency) methodologies.

Security policies and strategies, concepts for managing the operation of information or security infrastructure

Creation of strategic documents and processes, their revision and implementation, life cycle management of strategies and policies. We help our partners maintain consistency of vision, strategy, and implementation documents not only on a one-off basis, but particularly on an ongoing basis.

Red Teaming

A Red Team is a dynamically assembled team of IT and other offensive cybersecurity experts whose goal is to simulate or execute a cyberattack using the most effective tactics and techniques, including the initially intelligence or combat ones.

The Red Team will validate the possibility of potential intruders gaining remote or local access to the IT or OT infrastructure. It also verifies the organization’s ability to detect cyber attacks properly and respond to them in a right way, including adherence to established internal policies and processes. In specific cases, the Red Team can conduct penetration and attacking directly.

The Red Team operates from the scratch without detailed information about the entity being tested or attacked, and it has only legal limits in order to achieve its goal. When it comes to testing, the staff responsible for operations and defence are not informed about the performed tests.

We also deliver a special management course for Red Team leaders or commanders.

Basic phases of an attack that form the subject of training

During this initial phase, the Red Team collects and analyzes information about IT/OT assets, employees, buildings, and processes that are accessible from open sources – OSINT (Open Source Intelligence) – using passive and active information gathering techniques. The information gathered is used to identify vectors and objects for the preparation and execution of a cyber attack, including the preparation and development of appropriate tools for its execution.
Information obtained often through social engineering is used for initial access to the target environment. Once initial access to the corporate environment is gained, this access is secured and the Red Team’s position is strengthened.
After gaining the initial access, gathering information on internal IT and OT infrastructure, expanding access to other systems, and further strengthening of the company's position in the internal environment are carried out.
This important phase is used to evaluate whether the information and access obtained are sufficient to meet the objective of gaining access to the IT/OT infrastructure. If not, the Red Team will increase its efforts to obtain the required level to meet the objective.
As soon as the objective of the simulation or cyber attack is met, those responsible are informed that a final team test report or execution of the impact of the Red Team's actions is ready. Regarding the test, sensitive information obtained during this test (how access was gained, how to remove simulated attack artefacts, login credentials obtained, etc.) is immediately handed over to the responsible persons.