To help organizations improve their defenses beyond the simple “check the box” approach, or
traditional penetration testing “wash, rinse, repeat” cycle, Silent Break Security uses a
methodology customized to where an organization is at in their security maturity. To provide the
most value, it is necessary to test different aspects of a security program for organizations
more
capable in their detections and defenses compared to organizations newer to the path to
improving
security. Silent Break Security is a sophisticated adversary that can adapt and assist both
types of
organizations in their quest to improve.
In this assessment, the Assumed Breach Penetration Test begins from the perspective of an
internal
workstation, and bypasses the initial assumption of an attacker being able to obtain internal
network access (typically through social engineering). The initial workstation access point can
be a
virtual machine configured exactly the same as an end-user workstation (ideally configured after
a
department likely to be targeted/exploited in a social engineering attack), or a real end-user
workstation being used every day by an employee. These scenarios provide a realistic simulation
of
an endpoint becoming compromised. Leveraging custom tools and techniques, the Silent Break team
attempts to stealthily and covertly escalate privileges from the initial workstation.
As the Silent Break team performs the assessment, the organization’s internal security team can work in tandem to monitor pivoting techniques, identify malicious callbacks, detect privilege escalation, and overall refine the incident response process. The realism and sophistication of the Assumed Breach Penetration Test will both identify weaknesses in the environment from the perspective of a sophisticated adversary, and help the internal security team improve preventions, detections, and the incident response process.
