Cybaverse were asked to complete a comprehensive Red Team for Mr and Mrs Claus at Lapland Industries. Over the last 11 days we’ve seen and tested several TTPs that could have been utilised against the business by the Gruber Group. Today we look to pull all our findings together into one report for Lapland Industries, while our full Red Team reports can consist of 100 pages, we’ve included a shorter version below.
Red Team Reporting
When engaging with a Cyber Security company for Red Team testing, a comprehensive report should be provided at the end of the project. This will detail all information collected, the methods used and the outcome. It may also contain some recommendations to ensure that the vulnerabilities identified during the assessment are rectified.
The report will differ slightly depending on the Cyber Security partner of choice; however reports will generally cover the following key areas:
- Basic information – Company name, top level details of the test, days taken in each area, tester information and details
- Executive summary – Detailing the project scope and authority/remit for testing. This can also highlight the number of critical findings and have a summary of the tests
- Recommendations – that will help improve the security posture of the business at a top level and the reasoning behind these recommendations
- Assessment summary – This will outline the individual stages of the project and the exact methodology the Cyber Security company will take to compromise the network
- Further details – This can include screenshots of the network, findings that were uncovered during the project, evidence of information collected through open sources and other relevant information
A snapshot of our Red Team report for Lapland industries can be found below.
Company name: Lapland Industries
Company address: Santa’sWorkshop, The NorthPole, NTH P013
Company URL: Laplandindustries.com
Contact name: SantaClaus & Mrs Claus
Report date 15/12/2022
Timeframe of assessment: 10 Days
- 1 Day Scoping
- 1 Day WiFi Sniff
- 2 Days Social Engineering
- 1 Day Password Spray
- 2 Days Recon & Physical Security Testing
- 2 Days Internal network compromise and encryption
Executive Summary
Lapland industries invited Cybaverse to conduct a Red Team security assessment on their organisation.
This document looks to outline the key findings of the assessment which included Phishing, Vishing and Physical Security tests.
Most of the testing was conducted using a Black Box approach (no prior knowledge of the organisation). The tests looked at vulnerabilities, misconfigurations, physical security, technical control measures and the elves’ susceptibility to social engineering.
It should be noted that any assessment activities performed reflect the vulnerability exposure of an organisation at the time of the test and that additional vulnerabilities may subsequently arise following assessment completion. Every effort is made to ensure that assessment resources are up to date at the time of the assessment; and that all public exploit data stored by Cybaverse is destroyed post engagement.
Risk summary
Overall, the security posture of Lapland Industries was found to be below best practice. The main area of concern was the appropriate segmentation of the network. While user accounts were shut down, other areas and ports were left open to the main internal network
Tomorrow we will reveal the recommendations we gave Santa and Lapland Industries, many of which are applicable to businesses all over the world.