If your organization was breached, what would that mean for you?

The answer is likely similar to the majority of organizations that have not considered all the variables an outside attack could yield. In fact, few have mapped their assets and processes to identify what the potential financial, operational and privacy impacts could be.

Many organizations are not properly testing real-time detection and response capabilities against sophisticated outside attacks. Managing as well as executing attack simulations is not something most organizations are experts at.

Purple Team Penetration Testing

A Purple Team Penetration Test is a hybrid test designed to help clients get more out of their pentesting efforts. This is done by adding a blue team element as well as conducting a “macro” pentest.  “Macro” assessments evaluate and find vulnerabilities in every layer of your security.   The blue team exercise is when our testers work with your blue team or security operations center to refine and enhance detection capabilities. This provides real insight into what a real life hacker attack looks like and is therefore perfect for enhancing your defenses against an APT or advanced persistent threat.   Upgrade Your Penetration Testing Today

WHERE CAN YOU FIND OUR WORK?

Industries PeopleSec operatives have contracted in:

  • Gaming
  • Healthcare (Including Top 20 Hospitals)
  • High Finance (Top 5 & as well as many other top 100)
  • Fortune 100
  • DoD Contractors
  • Law Firms (Top 100)
  • Charitable Organizations
  • National sporting teams

Do your pentests get domain admin?

We guarantee it.

Our Methodology Includes;

  • Open Source Intelligence (OSI) Recon
    • During this phase of the assessment our ethical hackers assess your digital footprint.   They scour the internet and social media for any information they can use and you would be amazed at what all they find.    This information is used throughout the entire assessment.  
    • We share all key data we find as an informational finding in our live reporting tool.
  • Perimeter Assessment –
    • During this phase we identify weaknesses or vulnerabilities on your perimeter and exploit them to gain remote access into your networks.   
    • We share all weaknesses and vulnerabilities that we discover in real time.
  • Human Based Attacks – Remote (Social Engineering, Phishing, Password Guessing, etc)
    • During this phase our hackers use social media, texting, instant messaging, phones, and emails to trick users into giving intel, passwords, or back doors into the network.   
  • Human Based Attacks – Onsite (tailgating, usb drops, gaining access to restricted areas)
    • During this phase of the assessment our engineers test your human security by doing things such as attempting to talk their way into your facilities.   Our engineers have talked their way into bank vaults, server rooms, game ops centers for pro sports teams and more.   
  • Physical Security Assessment
    • This phase looks at your physical security controls such as locks, guards, video cameras, motion detectors, RFID systems, and more.   Our engineers have cloned RFID badges by simply passing someone in the street, they have picked exterior locks at top secret facilities in seconds and have found thousands of physical security weaknesses during assessments.   
  • Internal Recon
    • Here we look at stuff like, who are the admins, what are all the users on the network, what security controls are in place, what IP ranges are there and more…
  • Internal Vulnerability Exploitation
    • This phase focuses on expanding the foothold and gaining access to more network resources.   Most networks have a large amount of unremediated vulnerabilities on their internal network.   Our penetration testers identify key assets with exploitable vulnerabilities and and gain user or admin rights on the network.
  • Lateral Movement – User Accounts Hacking
    • This is a key phase of the assessment where our engineers work to identify the weaknesses in your network that can allow for lateral movement.    Removing the enemy’s ability to move around your network is imperative in mitigating real world attacks.     
    • Recon
      • Identify privilege accounts
      • Associate accounts with targets
    • Weak Password Exploitation
    • Privilege Escalation
      • Penetration testers will use the data they have gained previously in the assessment to attempt to gain access to defined critical assets without being detected.  
    • Hijack Privileged Accounts
    • Gain Domain Admin or equivalent
  • Data Exfiltration
    • Our engineers test their ability to exfiltrate data and avoid detection.
  • Live reporting
    • Our unique and proprietary feature The DAP 

Why is it required?

Advanced Persistent Threats are not mitigated by simply installing standard security software and hardware such as firewalls and antivirus. Cyber security professionals identify your threats then implement safeguards to protect against them.

  • Open Source Intelligence (OSI) Recon
  • Perimeter Scans
  • Perimeter Exploitation
  • Human Based Attacks – Remote (Social Engineering, Phishing, Password Guessing, etc)
  • Human Based Attacks – Onsite (tailgating, usb drops, gaining access to restricted areas)
  • Physical Security Assessment
  • Internal Recon – (Identifying admins, users on the network, security controls, vulnerabilities etc,)
  • Internal Exploitation
  • Lateral Movement
  • Privilege Escalation
  • Data Exfiltration
 

What can we do better than the bad guys?

Major accomplishments of PeopleSec operatives during prior engagements:

    • Perfect record  at achieving remote access as well as gaining domain administrator access
    • Socially engineer access to bank vaults
    • Socially engineer physical access to the money cage at multiple casinos
    • Picked locks at a Top Secret facility in under 10 seconds
    • Bypassed almost every network security control in the industry
    • Accessed the central operations center during a major sporting event and gaining control of the jumbotron screen

“The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data… There’s a war out there… and it’s not about who’s got the most bullets. It’s about who controls the information.”

(Federation of American Scientists – Intelligence Resource Program)