Leet Cyber Security does only ONE thing, and we do it extremely well; we identify security weaknesses by utilizing our unique skills as hackers.
The value we bring to our clients is in identifying security vulnerabilities that criminals, hackers or terrorists would exploit, so that our clients can better manage risk. Vulnerability Identification is a key component of proper risk management. The output from our engagements becomes the input for proper ranking and prioritization of issues, the core of risk management for our clients.
In short we provide insight into the vulnerabilities an organization’s adversary would actually target. This concept is best summarized by a quote from Sun Tzu:
“If you know thyself and know they enemy, you need not fear the outcome of 100 battles.”
OUR CORE SERVICES INCLUDE:
Red Team Tests
Our Unique Approach
Leet Cyber Security is able to deliver services on a recurring basis thanks to our cutting-edge software CyberKatana which allows us to deliver comprehensive efficient and consistent results. All of our services can be delivered in a single point in time or as an ongoing service via an annual or multi-year contract.
There are several industry standard terms which cover the spectrum of services we offer. Ultimately the specific service and scope appropriate for your organization depends upon several key factors, these include:
- Previous vulnerability identification activities, and when they were performed
- Compliance and regulatory requirements
- New systems, applications and networks
- The real-world threats you are likely to encounter
A Vulnerability Assessment seeks to identify all vulnerabilities in a target system. Vulnerability assessments use both automated tools as well as manual testing to identify vulnerabilities. The assessment includes involvement and knowledge from system owners to ensure complete and comprehensive results.
A Penetration Test is a simulation of what an adversary (e.g.; criminal, hacker or terrorist) might do if they targeted a specific system, organization or assets. Unlike a vulnerability assessment a penetration test does not seek to identify ALL weaknesses, instead it seeks to identify weaknesses in and efficacy of operational controls and personnel.
During a penetration test specific actions are taken to determine if the target organization or system has the capabilities to detect and respond to those types of actions. Because a Penetration Test involves testing of operational controls typically only a few liaisons at the target organization are aware of testing activities.
Red Team Test
A Red Team test is an extreme version of a penetration test in which testers seek to simulate a determined and skilled adversary and take actions to specifically evade the client’s security staff.
This is the best option for mature organizations wishing to test security operational processes, controls and personnel. For example a Red Team Test may be the best option when seeking to test the capabilities of an organization’s network security monitoring team, intrusion detection systems and incident responders.
Targeted Assets & Attack Vectors
Commonly targeted assets include:
- ePHI – Electronically Protected Healthcare Data
- PII – Personally Identifiable Information
- Financial Data
- Social Security Numbers
- Credit Card Numbers
- Client Data (Data about an organization’s clients)
- Intellectual Property & Trade Secrets
Common attack vectors for our specific service objectives include:
- Publicly accessible resources and systems on the Internet
- Private Internal network systems
- Custom and Third-Party Web Applications
- Physical Security facilities and controls
- Social Engineering & Phishing
- Mobile Applications
“Therefore I say: Know your enemy and know yourself; in a hundred battles you will never be in peril. When you are ignorant of the enemy, but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are certain in every battle to be in peril.”