BlackBerry Red Teaming

A Real World Approach to Assess Your Organization’s Security

Contact Us

Penetration Testing that Reflects a True Attack

Nation states, criminal gangs, political activists and recreational hackers are just some of the threats faced by organizations today. Despite their different motives, these threat actors have one advantage in common. Time.

While typical penetration tests will be conducted within a rigid time window, BlackBerry® Red Teaming from BlackBerry® Cybersecurity Consulting occurs over an extended period. Testers will observe targets and choose times when attacks will be most effective—just as a malicious attacker would.

How Does it Work?

Prior to commencement of the service your BlackBerry Cybersecurity consultant will work with you to define testing scope and acceptable level of invasiveness and disruption. The time scale, number of exercises and targets will also be agreed upon.

Simulated attacks may be delivered in multiple formats:

  • Electronic
  • Social vectors
  • Physical assessments

The result will be a full understanding of your organization’s defences and will take into account your security culture and readiness as a whole. 

Remote Surveillance and Discovery

OSINT (Open Source Intelligence)

Enumerating as much freely available online information as possible, associated with your organization’s digital footprint.

Doxing

The art of finding information about an individual, to be used in phishing or targeted social engineering.

Disgruntled and Targeted Employees

Engaging and exploiting select individuals to reveal confidential information about your organization.

External Infrastructure Assessment

Assessing your organization’s infrastructure from an attacker’s viewpoint and exploiting if possible. 

VPN Testing

Attempts to intercept traffic and test cryptography levels of the secure tunneling method being used for VPN.

Client-side Attacks

Internal and external client-side attacks entice users to click a link, open a document or somehow go to a malicious website.

Tech Support Attack

Particular attention given to the Technical Support function in an attempt to obtain confidential information to aid an attack.

Cracking Wi-Fi

Through brute forcing methods, an attempt can be made to crack the wireless key of an AP that is used on-site. 

On-site Attacks and Testing

Unauthorized access can be gained by tailgating, cloning access cards, using a fake persona or exploiting weak security measures. 

Once on-site, testers can attempt to gain access to the server room and look for further vulnerabilities.

A tester can attempt to gain access to physically unsecured documents that may reveal sensitive information. 

If testers gain access to the internal network, they can assess and exploit network vulnerabilities.

Once a device is obtained, applications on the device can be exploited, and sensitive information can be revealed.

If source code of an application written by your organization can be obtained, a competitor could acquiring the same information.

Credit card sized PC’s can be hidden behind tower PCs or furniture to intercept and transmit data from an internal network over an SSH protocol. 

Tiger scenarios provide real time, real life feedback in relation to how an organization would respond to a real time security threat.

Physical Access Server Room Access Documents Access Network Access Obtaining a Device Obtaining App Source Code Dropbox Left On-Site Tiger

Ready to Get Started

Get a comprehensive picture of your organization’s risk profile and put a plan in place to reduce vulnerability.

Contact us