EXTERNAL THREAT campaign
real attacks against your perimeter
Know how fortified your perimeter is
Why let an enemy in if it’s avoidable? We can all agree that we want to prevent that. It’s why millions of dollars are invested in sound defenses – be it appliances, software, antivirus, managed services, etc. Have you validated that the investment is doing what it should be?
Breaches can still be reduced...
In the offensive cybersecurity industry, the playing field is littered with companies performing vulnerability assessments and scans. While automated testing like this can be a small part of a real adversary’s toolkit, BuddoBot knows that real adversaries often breach a customer with more intricate and in-depth methodologies.
BuddoBot’s External Threat Campaign service is a three-week, point-in-time security campaign with three goals:
- Identify pathways to breach the perimeter and establish internal or privileged access
- Identify exploits to external infrastructure and applications for private data access
Identify means to disrupt customer operations and cause monetary damage
Key components to our External Threat Campaign:
- Advanced Social Engineering
- Threat Intelligence
- Attack Surface Management (ASM)
- Infrastructure and Application Hacking
It is really important not to ignore external threats. Many adversaries will move to other targets if they feel like it’s just too much work to continue to focus on your organization.
Advanced Social Engineering
With our combined decades of industry experience in both the offensive and defensive fields, we know that one of the largest contributors to breaches is the social engineering of employees. Even industry best-practice defenses like two-factor authentication (2FA), mail filtering, and end-point protection can fail. Employees and partners are main inroads to privileged access.
As one component of our External Threat Campaign, BuddoBot uses cutting-edge phishing and vishing techniques to target your organization. These techniques include trusted sender domains, spear phishing/vishing using OSINT, custom pretexts, 2FA proxies, 2FA bombing, template injects, AI vishing profiles, custom file payloads, and a myriad of email security filter bypasses.
Sometimes the adversary ecosystem separates its duties. In many cases, credentials and access to your infrastructure have already been gained through mass phishing campaigns. These credentials and access are then sold on the dark web forum and chat ecosystem. BuddoBot monitors the emergent places where this valuable information can end up. We inform you of these leaks and use them as an adversary would, chaining them with other methods to gain privileged access.
Attack Surface Management
One of the key elements to the External Threat Campaign is its unscoped nature. Both large and small organizations are made up of complex webs of infrastructure, websites, relationships, and APIs. When business moves fast, so does technology. BuddoBot utilizes innovative external attack surface monitoring tooling to enumerate your entire threat profile. This part of the campaign often identifies assets that have slipped through the cracks and have made their way to the internet.
- Did marketing spin up a promo once that never got removed?
- Did a developer team go rogue and requisition unapproved cloud infrastructure?
- Was a partner integrated with the business but never offboarded, leaving behind abandoned DNS registries
These are the type of easy omissions that adversaries take advantage of because they are often under-secured. As an added value to our customers, we provide this external profile during the engagement to help bolster or build your internal asset registry and empower your SOC.
Infrastructure and Application Hacking
The last large component to the adversary’s playbook is their tenacious technical ability aimed at your technology. BuddoBot examines your entire threat profile to identify vulnerabilities that could accomplish adversary objectives. This includes applications, cloud, infrastructure, mobile, and more. While our goal is to accomplish a defined shared objective with the customer, our manual red team testing can uncover a vast gamut of security vulnerabilities. There are two components of this testing: our in-house developed security automation and our exceptional offensive security engineers.
Our automation is enhanced with both industry standard and homegrown vulnerability checks. Our automation achieves both finding known CVEs and custom fuzzing on application inputs. These are passed to Offensive Security Engineers for validation and exploitation. No canned scans, no false positives.
Buddo Offensive Security Engineers pour over the attack surface looking for misconfigurations and vulnerabilities that accomplish the campaign goals. Often, the difference in an offensive security team is its ability to find novel manual findings that are deeply embedded in the attack surface. As a baseline, we use common testing methodologies like OWASP, PTES, WAHH, etc., but are often more focused on finding logic flaws, authentication/authorization bypass, and exploitable injection vulnerabilities that really matter to a client.
BuddoBot has a long history of working with the best security testers in the industry. Our staff of offensive security engineers has decades of experience in offensive security. They have presented and contributed to the community at world-renowned conferences such as DEF CON, BlackHat, OWASP, RSA, Security Bsides, SANS, IANS, ISSA, and more. Their contributions are often cited in books and trainings worldwide.
In addition to our staff of offensive security engineers, BuddoBot leverages a tight-knit relationship with the security researcher community. From our connections in the bug bounty community, we work with some of the best specialists in different domains of offensive security. We bring these specialists in throughout your campaign to ensure you get the highest quality testing.