Squawk Red, red-teaming and security assessments.

We are proud to introduce SquawkRed. Our newly established Red Teaming Services label under the Lace IT umbrella.

Red Team Assessment

Test your security against real-world attacks without the risks of negative headlines. You have invested in your cyber-security program, but do you know how well it performs under pressure? SquawkRed tests your program’s capabilities against real-world attack scenarios, helping improve your security posture.

Squawk Red Team Assessment Features

  • Real-world attack scenarios, Methodology uses realistic attack scenarios using tactics, techniques, and procedures seen in real-world attacks.
  • Customizable objectives, Tailored engagements to meet organizational needs, with objectives based on the most relevant risks to your organization.

Industry expertise

Consultants experienced with critical infrastructure sectors – including energy, healthcare, and telecommunication providers.

Reports

Detailed, concise reports with actionable recommendations to aid in remediating identified issues post-engagement.

Our Methodology

The Squawk Red Team relies on a systematic, repeatable, and reproducible methodology. We begin by establishing the following core information and rules of engagement, agreed upon in collaboration with the organization’s leadership team:

  • Does the red team begin its effort with information about your environment (white box) or with no information at all (black box)?
  • What intelligence does SquawkRed already have about high-risk assets and vulnerabilities in your industry?
  • What objectives do you want the red team to accomplish in simulating a real-world attack?

Once the objectives are set, the red team starts by conducting initial reconnaissance. SquawkRed leverages a combination of proprietary intelligence repositories as well as open-source intelligence (OSINT) tools and techniques to perform reconnaissance of the target environment.

SquawkRed attempts to gain initial access to the target environment by exploiting vulnerabilities or conducting a social engineering attack, and leverages techniques used by real-world attackers to gain privileged access to these systems.

Once access is gained, the red team attempts to escalate privileges to establish and maintain persistence within the environment by deploying a command and control infrastructure, just like an attacker would.

After persistence and command and control systems are established within the environment, the red team attempts to accomplish its objectives through any non-disruptive means necessary.

Contact the specialist today via consulting@lace-it.nl