Cyber Security

Effective Cyber Security Measures

If you own a business or are responsible for an organisation’s information technology, core data or digital business processes, what are you doing to protect against cyberattacks?

Being prepared to defend against a cyberattack means having the right controls and processes in place to respond to threats quickly and effectively. If these controls and processes are not in place, a cyberattack can lead to financial loss, theft of personal information and damage to your reputation.

At Adept Advisory we use skilled cyber security professionals to review your current security posture, security controls, detection methods and defence processes, to help you understand your current risks, weaknesses in security controls and threat landscape. We offer a suite of services to help you prepare for a cyberattack.

Cyber Security Assessments

Comprehensive Cyber Security Assessments for Effective Protection

We specialise in conducting cyber security assessments, ranging from traditional audit assurance and best practice maturity assessments to penetration testing techniques. We have had great success with our blended methodology approach, where we use penetration testing to test an organisation’s cyber security defences, and report the results using best practice security frameworks, such as CIS Top 18 or NIST. We also conduct full cyber breach simulations where we demonstrate possible attack routes and the likelihood of exfiltrating confidential data.

Cyber Security Assessment Types

Maximising Defence through thorough Cyber Security Evaluations

Know your externally exposed assets | External Recon

Using open-source intelligence combined with target scope information, we determine externally exposed resources and their open services. As businesses grow and change, they often have old legacy systems or forgotten systems exposed to the internet. These could just be the weak link in your security posture.

During this process we:

  • Identify externally exposed business and web applications.
  • Identify open ports and services exposed.
  • Identify potential threats.
  • Develop a threat profile.

Know Your Internal Security State | Internal Recon

Knowing your externally exposed resources is only part of an effective defence plan, as internal resources could also be exploited. Cyber security needs a holistic approach that depends on multiple layered defences. Knowing what systems, services and devices are connected to your network is a critical part of defence.

During this process we use various methods to:

  • Identify internal systems and devices, including Internet of Things (IoT) devices, connected to your network.
  • Identify open ports and services exposed.
  • Identify potential threats.
  • Develop a threat profile.

Assessment of current security state | Penetration Testing

Once an external and internal threat landscape has been established, we will assess the ability of the organisation to detect and defend against cyber-attacks. Using various ethical hacking methodologies, we will test the business environment for weaknesses and attempt to gain access to resources.

The penetration test simulates a real-life attack, using the same methods and tools an attacker would use. The tests are done in a way that causes as little interruption to the business as possible, and in some cases are executed after business hours.

We offer Whitebox, Blackbox, Greybox and Advanced Persistent Threat Simulations.

The difference between white, black and grey simulations is in the amount of information shared prior to the assessment. With a grey box test, we are provided VPN access and some company information. With a black box simulation, we don’t have any credentials to start with: we need to simulate a threat actor and obtain a foothold into the organisation by using exposed services, web applications, phishing or any other possible way.

Once we have established a foothold, we will attempt horizontal and vertical movement within the environment and will look for any weaknesses that could lead to access to critical assets.

With the Advanced Persistent Threat Simulation, we follow either a black or grey simulation, but use slower scanning methods and attempt to evade detection. The goal with this simulation is to remain within the network as long as possible without being detected and contained. This simulation is an excellent way to test the security maturity of your defence team and the incident response team.

The core assessment consists of the following steps:

  • Assess the organisation’s cyber security defence.
  • Assess how prepared the organisation is to detect the attack.
  • Assess how the organisation can deal with an active attack.
  • Determine the monitoring and response maturity of the security operations centre (SOC).
  • Determine desired state of critical assets.
  • Determine remediation across people, processes and infrastructure.

The above steps are used to understand your environment and help you determine critical assets. This is mainly a reconnaissance phase and follows the same attack methodology a real-life threat actor would use.

Remediation & Response

Once threats and vulnerabilities have been identified, a remediation plan needs to be created. This will focus on critical assets and low-hanging vulnerabilities so that the security posture of the business is strengthened.

  • Prioritise remediation projects.
  • Work with defence and monitoring teams to establish detection and response plans.
  • Allocate remediation responsibilities.
  • Develop incident response processes.

Active Directory Review

Manage Permissions and Access to Network Resources

Most organisations use Active Directory to manage user accounts, computer accounts and other resources of the organisation. It is used to manage permissions and access to network resources. The biggest weakness in Active Directory stems from its ease of use. Deployments left in their default configured state are often one of the paths used by attackers to gain access to a domain account or to elevate existing accounts to a higher privileged account. It is therefore critical to evaluate the security state of your organisation’s Active Directory.

Purple Team Collaboration

This service is included in the remediation and response stage, but can be requested as a separate service. We assign a penetration tester to work together with your SOC team. The tester will inform the team that a particular test is about to start and the SOC team will then determine if the attack can be detected. Detection rules and response plans can then be crafted to prevent similar attacks in the future.

Core steps:

  • Test the SOC team’s ability to detect an attack.
  • Establish detection rules to alert on future attacks.
  • Establish and test response and containment plans for similar attacks.

Web Application Penetration Testing

This is a more specialised type of penetration test, focusing on web applications. During this test we will perform a recon against the target web application to establish possible attack vectors. We will map the website using various tools. Using the OWASP Top 10 as a framework, we test for vulnerabilities in the web application. All input fields are tested for possible exploits. This includes testing web API endpoints.

Examples of areas covered:

  • Injection flaws.
  • Authentication bypass and session management.
  • Cross Site Scripting.
  • Authorisation bypass.
  • Security configuration.
  • Sensitive data exposure.
  • Cross Site Request Forgery.
  • Using vulnerable third-party components.
  • Unvalidated redirects or forwards.

Password Audit

Weak passwords or the re-use of passwords within a network or domain environment can lead to the exploitation of the environment. We use tools similar to those used by hackers to test your network and environment against dictionary attacks and brute force attacks. We run these tests against a copy of your AD password file, so the test is non-invasive.

Core steps:

  • Determine weak password usage.
  • Determine re-use of passwords.

Phishing Attacks

Simulation, Training and Awareness

Phishing Attack Simulations

Familiarise your staff with common phishing techniques

Level 1

Level 1 is the most basic and is used for environments where the security maturity is not yet fully established and where user awareness training is still at a low level. The attack should easily be detected by the employee. If he/she fails the test and clicks on the link, they are redirected to a user awareness page, with details on what to look out for.

Level 2

Level 2 is more advanced phishing and is geared towards a mature environment.

Level 3

Level 3 is the most advanced phishing attack, and is more targeted towards the skilled IT professional, where we would create fake domain names looking similar to the target domain. In all cases we can test for who clicked the link, and whether credentials were supplied. The tests are built and structured around your requirements.

API Security

Testing Application Programming Interface (API) Security

API (application programming interface) endpoints are used in many web-based applications to create a connection between the front-end application and the back-end database, but they are also used in mobile applications, IoT devices and many other environments. Broken or insecure APIs could expose internal data, which could lead to the exposure of sensitive data. Testing for weaknesses in APIs follows the OWASP framework for API tests. API testing is also done during a web application assessment, but could also be done as a standalone exercise.

API Security Tests

Ensure you're protected against common API vulnerabilities

Types

  • Broken Authorisation
  • Broken Authentication
  • Excessive Data Exposure
  • Lack of Rate Limiting
  • Mass Assignment
  • Security Misconfiguration
  • Injection
  • IDOR

Wireless Network Security

Testing Wireless Network Security

Wireless penetration testing is a process used to assess the security of wireless networks by identifying access points and performing various tests and attacks, such as WEP/WPA encryption checks, de-authentication attacks, brute force attacks, and rogue access point attacks. It also involves user enumeration, EAP brute force, and evil twin attacks. These tests aim to identify vulnerabilities in wireless networks that can be exploited by attackers to gain unauthorised access to internal networks.
