Key service offerings
Adversary simulation & Red Team
Metric-Centric, Repeatable Approach
Our consultants have experience delivering regulated adversary simulation engagements under CBEST, TBEST, TIBER-EU and other frameworks, so we understand threat intelligence-led security testing. We can mount attacks against the People, Process and Technology layers in full-spectrum threat actor simulations in which the following controls are assessed:
- Employee Security Awareness and Phishing resilience
- Email Filtering
- Email Anti-Spoofing Mechanisms
- DNS Filtering
- Web (HTTP / HTTPS) Filtering
- Network Filtering
- Workstation Hardening
- Antivirus / Anti-Malware
- Application Whitelisting
- Protection of Privileged Accounts - Local Administrators
- Application Security Settings
- Employee Laptop Protection
- Malicious Network Activity Detection
- Monitoring and Incident Response
- Protection of Privileged Accounts - Domain Administrators
- Protection of Privileged Accounts
- Protection of Service Accounts
- Domain Security Policy
- Data Loss Prevention
- Patch Management Policy
- Password Policy (resistance to weak passwords)
- Network Segregation
Cyber High-Level Methodology
Our methodologies are mapped to the MITRE ATT&CK framework. Bespoke engagements are tailored to each client, but we typically follow a six-step model, working from the outside in, to fully assess operational impact. Our tooling and activity in each of the six steps:
Physical Intrusion Methodology
When performing Red Team assessments in the United States, or where our client requires a physical component, our methodology is outlined below. Physical engagements draw on consultants with former Royal Marine Commando and British Army Intelligence backgrounds.
Infrastructure Penetration Testing
Network, Infrastructure & Cloud
Whether you are a digital asset provider with some Azure cloud infrastructure, or an international telecoms organisation with hundreds of thousands of public IPs, we can thoroughly assess your network infrastructure (on-premises or cloud) with expert-level attack coverage.
Atlan Digital works with you to develop a detailed scope of the penetration testing to be undertaken.
In the first phase Atlan Digital performs OSINT and analyses the routing in front of your estate; all in-scope systems are then scanned across the full TCP and UDP port range, from which we establish the effective security rule-base (what the firewalls and filters in the path actually allow through).
In the exploitation phase Atlan Digital iteratively identifies and exploits vulnerable systems using public vulnerability information as well as configuration and design errors. A scenario analysis across the entire network is then conducted.
In the final phase Atlan Digital produces comprehensive reporting of the issues identified. Each risk is rated with a numeric CVSS score alongside an internal qualitative risk grading.
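As an added illustration of the scanning phase (example code written for this page, not Atlan Digital's own tooling), the following Python parses nmap grepable (-oG) output and reconstructs the apparent firewall rule-base per host from the per-port states and the "Ignored State" summary. The scan output, addresses and host names below are constructed, and the rule-base inference is a heuristic assumed for this example rather than an nmap feature.

```python
import re
from collections import defaultdict

# Constructed sample of nmap grepable (-oG) output; hosts, names and ports are
# made up for this example and do not come from a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sS -sU -p- -oG scan.gnmap 192.0.2.0/29
Host: 192.0.2.10 (web.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (65531)
Host: 192.0.2.11 (db.example)\tPorts: 1433/open/tcp//ms-sql-s///, 53/open|filtered/udp//domain///\tIgnored State: filtered (65533)
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 161/open/udp//snmp///\tIgnored State: closed (65534)
# Nmap done: 3 IP addresses (3 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")
# Each -oG port entry is port/state/protocol/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(tcp|udp)//([^/,\s]*)")
IGNORED_RE = re.compile(r"Ignored State: (\w+) \((\d+)\)")


def parse_gnmap(text):
    """Return {ip: {"name", "ports": [(port, state, proto, service)], "default": state}}."""
    hosts = defaultdict(lambda: {"name": "", "ports": [], "default": None})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment and blank lines
        ip, name = m.groups()
        host = hosts[ip]
        if name:
            host["name"] = name
        if "Ports:" not in line:
            continue  # "Status: Up" lines carry no port data
        for port, state, proto, service in PORT_RE.findall(line):
            host["ports"].append((int(port), state, proto, service))
        ignored = IGNORED_RE.search(line)
        if ignored:
            host["default"] = ignored.group(1)  # state of every port not listed
    return dict(hosts)


def infer_rulebase(hosts):
    """Heuristic rule-base reconstruction (an assumption of this example):
    an 'Ignored State' of closed means probes reached the host and were refused,
    so no default-deny filter sits in the path; filtered means a firewall silently
    drops everything not explicitly listed. A filtered port on an otherwise
    'closed' host indicates an explicit deny rule for that port.
    UDP open|filtered is ambiguous and is counted as allowed pending a service probe."""
    findings = {}
    for ip, host in hosts.items():
        allowed = sorted(f"{p}/{proto}" for p, state, proto, _ in host["ports"] if state.startswith("open"))
        denies = sorted(f"{p}/{proto}" for p, state, proto, _ in host["ports"] if state == "filtered")
        if host["default"] == "filtered":
            policy = "default-deny (firewall drops unsolicited traffic)"
        elif host["default"] == "closed":
            policy = "default-allow (host directly reachable; only listed ports filtered)"
        else:
            policy = "unknown"
        findings[ip] = {"name": host["name"], "policy": policy,
                        "allowed": allowed, "explicit_denies": denies}
    return findings


if __name__ == "__main__":
    for ip, f in infer_rulebase(parse_gnmap(SAMPLE_GNMAP)).items():
        print(f"{ip:12} {f['policy']}\n    allowed: {f['allowed']}\n    denies:  {f['explicit_denies']}")
```

The distinction between a closed and a filtered default state is what separates "this host is directly exposed and simply has nothing listening" from "a firewall is in front of this host with a small allow-list", which is the starting point for the rule-base review; a real run would feed the output of `nmap -oG` rather than the embedded sample.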
Web Application Penetration Testing
360° Coverage on Web Application Pen Tests
Enterprise applications, e-commerce platforms, trading systems, SaaS platforms and other web-first components dominate the corporate landscape. We work to comprehensively assess their security posture for known and unknown security vulnerabilities.
Mobile Penetration Testing
Mobile Application – Android & iOS
Mobile applications extend web applications with further functionality, whether as a transaction signing mechanism, a custom two-factor authentication solution or a thick client providing business-critical functions. We inspect these applications at the deepest level.
OWASP Top 10 – Mobile
While specific techniques exist for individual platforms, a general mobile threat model is used by Atlan Digital in creating a mobile security testing methodology for any platform. The outline below describes this general mobile application testing methodology.
- Tasks and requirements to complete before conducting the mobile security assessment.
- The steps and considerations for the early-stage reconnaissance and mapping phases of testing, including scoping and estimating the application's magnitude of effort.
- Analysing raw mobile source code, or decompiled or disassembled code.
- Executing the application, either on a device or in a simulator/emulator, and interacting with the remote services it communicates with. This includes assessing the application's local inter-process communication surface, forensic analysis of the local filesystem, and assessing remote service dependencies.
ICS Penetration Testing
Industrial Control Systems (SCADA)
Critical infrastructure provides much of the backbone of a city's, or even a country's, ability to operate. In troubling times these systems can be high-priority targets for nation states or advanced cyber criminal groups. We can apply our methodologies to help identify weak points and security risks so that you can mitigate them.
- Define business purpose of engagement
- Determine sensitivity of business functions and processes
- Create and agree ICS business process model
- Confirm specific systems, devices and infrastructure in scope
- Confirm composition of testing team
- Gather threat intelligence
- Conduct threat modelling exercise
- Determine major vulnerabilities
- Assess risks and priorities
- Agree risk-based approach to testing
- Conduct ICS device discovery exercise
- Determine network topology
- Gather and review ICS network and device configuration information
- Create and agree ICS technical infrastructure model
- Create test scenarios
- Determine offline and online tests
- Determine resource requirements
- Create and agree progressive test schedule
- Undertake and document offline and online tests
- Analyse test results and consolidate findings
- Document ICS environment remediation recommendations
- Review findings with key stakeholders
Secure Code Review
Finding security vulnerabilities before applications reach the deployment stage is critical. We can work collaboratively with your developers to bake in security, or even help you develop a Secure Development Lifecycle (SDLC).
Secure Code Review:
Reviews are performed in alignment with industry proven best practices, guidelines and standards from organisations such as OWASP, MITRE, CERT and NIST. A general threat model is used by Atlan Digital when conducting source code reviews for complex enterprise applications.
Evaluating tasks and requirements for conducting the code review, as well as assessing the application’s magnitude and scope of effort required.
Analysing raw source code, using manual techniques and automated scanners that highlight code hotspots.
Developer & Architect Interviews
We will work closely with the developers where appropriate to expedite understanding of the code and the architecture of the application, and to provide knowledge transfer.
Review of all the application’s supporting documentation and development guidelines. This allows consultants to identify the intended purpose, functionality and development approach.
In combination with static analysis by consultants and automated tooling, we also perform dynamic analysis of the code where code paths cannot be reached statically or where dynamic testing is more efficient.
Custom Software, Machine Learning & Tooling
With many of our consultants having contributed to the security community, or having been full-time developers themselves, we can respond to requests to develop programmatic solutions where cyber security domain knowledge is essential.
Example Capability - SharpML:
SharpML is written in C# and mines Active Directory file shares. It bundles a resource file containing a custom machine learning component written in Python (compiled with PyInstaller) that uses clustering and classification to estimate the likelihood that a candidate user/password pair is genuine, and then automatically tests those candidates against a Domain Controller, helping operators identify passwords littered across file shares.
A version of this tool was open sourced by our consultants while at Hunnic Cyber; Version 2, which includes further development carried out internally at Atlan Digital, is available on request. The write-up for this project can be viewed here. Our current research outline on building a Generative Adversarial Network for malware development can also be viewed here.
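To show the credential-mining step described above in working form, here is an added Python example (written for this page; it is not SharpML or any Atlan Digital code). It scans constructed file contents of the kind found on shares, extracts candidate user/password pairs in three common formats, and ranks them with a simple heuristic score. The scoring rules, the regular expressions and all sample paths, accounts and passwords are assumptions of the example; the heuristic stands in for the clustering and classification step, and the final authentication test against a Domain Controller is not reproduced here.

```python
import re

# Constructed sample of file contents as they might be read from a share;
# paths, accounts and passwords are made up for this example.
SAMPLE_FILES = {
    r"\\fs01\it\onboarding.txt": "New starter account\nusername: jsmith\npassword: Welcome2024!\n",
    r"\\fs01\dev\web.config": '<add key="DbUser" value="svc_sql" />\n<add key="DbPass" value="Sql!Pr0d#99" />\n',
    r"\\fs01\hr\minutes.txt": "Password policy reviewed; user awareness training scheduled.\n",
    r"\\fs01\ops\backup.ps1": "$cred = New-Object PSCredential('CORP\\backup_svc', (ConvertTo-SecureString 'B@ckup2023' -AsPlainText -Force))\n",
}

# Patterns are assumptions chosen to cover the three formats in the sample:
# key: value text, XML appSettings entries and inline PowerShell credentials.
USER_RE = re.compile(r"""(?i)\b(?:user(?:name)?|login|uid|dbuser)\b["\s]*(?:[:=]|value=)\s*"?([A-Za-z0-9_.\\@-]{3,64})""")
PASS_RE = re.compile(r"""(?i)\b(?:pass(?:word|wd)?|pwd|secret|dbpass)\b["\s]*(?:[:=]|value=)\s*"?([^\s"'<>]{6,128})""")
PSCRED_RE = re.compile(r"""PSCredential\(\s*['"]([^'"]+)['"]\s*,\s*\(ConvertTo-SecureString\s+['"]([^'"]+)['"]""")
# Obvious templates and redactions that are not live passwords.
PLACEHOLDER_RE = re.compile(r"(?i)(x+|\*+|changeme|password\d*|<.*>|\$\{.*\}|%.*%)")


def password_score(pw):
    """Crude likelihood (0..1) that a string is a live password rather than a placeholder:
    rewards character-class mix and length, zeroes obvious templates. This heuristic is
    an assumption of this example standing in for a trained classifier."""
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]"))
    score = 0.2 * classes + 0.2 * min(len(pw), 16) / 16
    if PLACEHOLDER_RE.fullmatch(pw):
        score = 0.0
    return round(score, 3)


def find_credential_pairs(files, window=3):
    """Scan each file for user and password hits and pair every password with the
    nearest user hit within `window` lines; returns candidates sorted by score."""
    results = []
    for path, text in files.items():
        users, passwords = [], []
        for n, line in enumerate(text.splitlines()):
            m = PSCRED_RE.search(line)
            if m:  # both halves of the pair sit on one line
                users.append((n, m.group(1)))
                passwords.append((n, m.group(2)))
                continue
            users += [(n, u.group(1)) for u in USER_RE.finditer(line)]
            passwords += [(n, p.group(1)) for p in PASS_RE.finditer(line)]
        for pn, pw in passwords:
            near = [(abs(pn - un), un, user) for un, user in users if abs(pn - un) <= window]
            if not near:
                continue  # a password with no nearby account name is not a testable pair
            _, _, user = min(near)
            results.append({"path": path, "user": user, "password": pw, "score": password_score(pw)})
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for c in find_credential_pairs(SAMPLE_FILES):
        print(f"{c['score']:.2f}  {c['user']:<18} {c['password']:<14} {c['path']}")
```

Note that the prose in the minutes file mentions "password" and "user" but yields no candidate, because a value must follow a separator, and that a password with no account name within a few lines is dropped rather than guessed. On a real engagement the ranked candidates would be rate-limited and checked against the domain's lockout policy before any authentication attempt.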
We can develop solutions to complement our manual testing activities, enabling a client to be tested 24/7, 365 days a year.
Red Team & Malware Development
We can assist clients or other consultancies in developing tooling to enhance security testing activities.
Machine Learning & Automation
As part of our consulting efforts we can develop solutions to help automate security tasks, continuous security scanning tools or apply machine learning to security problem solving.