VULNERABILITY ASSESsMENT

Before we go in detail

As with ALL of our services, your consent is required. We will only conduct these attacks with written the consent of the individual who is retaining our services. All persons involved must provide written consent unless the signing individual's consent supersedes that of all of the other parties involved.

Personal Vulnerability

A personal vulnerability assessment is one where we locate all that we can on your person. This includes but is not limited to family, friends, associates, phone numbers emails, addresses, etc. With something as simple as your address & social security number we would effectively have the ability to port, or "high jack" your sim card, thus giving us access to all incoming & outgoing calls & text messages from your device. In addition, we could then use that access to bypass all of your Two-Factor authentication on all of your accounts & gain access. Passwords changed, bank accounts drained, & your life in ruins. And that is only the tip of the damage that we, & a malicious attacker could inflict upon you & your loved ones. In total, that attack mentioned above would take about a week from start to finish.

Organization Vulnerability

Similar to the above, we would identify vulnerabilities within a given business, company, or organization via similar methods. However, instead of limiting it to an individual, we would aim it at a given group as a whole. We, & an attacker, typically begin this type of assault through a personal vulnerability assessment and then spread to the higher ranks within a company once the lower-ranking individual has been compromised. However, the lower-ranking individual would never know they were compromised. The attacker would use their credentials to gain access to a company email & follow the same steps until the CEO/high-ranking individual is compromised. Once that access is gained, an attacker would then have the authority of the high-ranking individual's company access; the endgame is often a ransomware attack, which we are able to simulate as well.

Red Teams

Our Red Team Approach simulates an attack, both digital & physical. Just as listed above we will put together a comprehensive vulnerability assessment, however we will go one further and carry out the attack itself as scenarios are listed above to that effect. The main difference between a vulnerability assessment & a Red Team approach is that an assessment will only tell you what you are vulnerable against, adding the Red Team approach will actually test against it.