The security field is always more complex and preventing from a breach to occur is undoubtedly hard.
The classical approaches reached their limit and now the security professionals have to deal with new challenges and related risks for their customers as well as their own infrastructure.
For these reasons and in order to bring value in each project to enhance your security, the POST CyberForce Offensive Security team proposes several services to help you.
Advanced phishing campaign
Awareness is cool but what if you have to deal with a well-prepared campaign?
Are you ready for that? In order to challenge incident response capabilities, processes in place, IT risks and more, we propose realistic approaches such as credential theft or using more sophisticated approaches, customized payload delivery.
In addition to your classical vulnerability assessments, architecture/code reviews, application security processes, end-users’ awareness… the POST offensive security team offers Penetration Testing to identify exploitable weaknesses and the associated impact of their exploitation to anticipate the risk using the offensive approach.
We propose a complete portfolio to cover each layer of security from classical Web applications, internal penetration testing, mobile environment to physical intrusion and social engineering.
Challenge your risk exposure through a realistic scenario using a predefined attack vector.
Emulate well-known TTP from the most recent campaigns to validate your exposure and mitigate the risk.
Application Vulnerability Exposure & Hardening
Using a “n-day angle” approach, challenge commercial or closed solutions, patches to apply on restricted or sensitive environment through fuzzing, diffing and reverse engineering techniques to challenge security before go-live.
Red Team exercice
Emulate a “real-world” threat based on pre-defined objectives (I.T, business…) with the goals of training and measuring the effectiveness of people, processes and technology used to defend your business.
Purple Team exercise
By sharing intelligence data across the red and blue teams during the purple teaming process, organizations can better understand threat actors’ Tactics, Techniques and Procedures (TTPs).
The CyberForce Offensive Security Team in a few words
- Relevant experience and the best certifications in the offensive security area (CRTP, OSEP, OSCE, OSED,...)
- Innovative research and custom OST development based on our own R&D program
- Challenge your detection and incident response capabilities with an adapted approach based on your needs
- Inspired from the real-world attacks to test the limits of your security team
- Publication of advisories and other open source project on our github as well as higly technical papers
- An international team working internationaly for different customer from banking to industrial context
Our philosophy is "The best defense is a good offense... when used in an efficient way" and this is why COS can help you bringing our added-value for a better ROI.
This article is the second part of case study CVE-2022-46527 and will discuss the discovery of the vulnerability and a proof of concept leading to a crash
26 June 2023
Setting up the environment to scan IoT devices for vulnerabilities: Case of CVE-2022-46527
14 March 2023
How to exploit the vulnerability in Firefox 56 and 57 to get code execution
19 September 2022