Offensive security services
Do you want to verify that your IT infrastructure is secure? Discover the services offered by our Red Team.
The security field is always more complex and preventing from a breach to occur is undoubtedly hard.
The classical approaches reached their limit and now the security professionals have to deal with new challenges and related risks for their customers as well as their own infrastructure.
For these reasons and in order to bring value in each project to enhance your security, the POST CyberForce Offensive Security team proposes several services to help you.
Advanced phishing campaign
Awareness is cool but what if you have to deal with a well-prepared campaign?
Are you ready for that? In order to challenge incident response capabilities, processes in place, IT risks and more, we propose realistic approaches such as credential theft or using more sophisticated approaches, customized payload delivery.
In addition to your classical vulnerability assessments, architecture/code reviews, application security processes, end-users’ awareness… the POST offensive security team offers Penetration Testing to identify exploitable weaknesses and the associated impact of their exploitation to anticipate the risk using the offensive approach.
We propose a complete portfolio to cover each layer of security from classical Web applications, internal penetration testing, mobile environment to physical intrusion and social engineering.
Challenge your risk exposure through a realistic scenario using a predefined attack vector.
Emulate well-known TTP from the most recent campaigns to validate your exposure and mitigate the risk.
Application Vulnerability Exposure & Hardening
Using a “n-day angle” approach, challenge commercial or closed solutions, patches to apply on restricted or sensitive environment through fuzzing, diffing and reverse engineering techniques to challenge security before go-live.
Red Team exercice
Emulate a “real-world” threat based on pre-defined objectives (I.T, business…) with the goals of training and measuring the effectiveness of people, processes and technology used to defend your business.
Purple Team exercise
By sharing intelligence data across the red and blue teams during the purple teaming process, organizations can better understand threat actors’ Tactics, Techniques and Procedures (TTPs).
The CyberForce Offensive Security Team in a few words
- Relevant experience and the best certifications in the offensive security area (CRTP, OSEP, OSCE, OSED,...)
- Innovative research and custom OST development based on our own R&D program
- Challenge your detection and incident response capabilities with an adapted approach based on your needs
- Inspired from the real-world attacks to test the limits of your security team
- Publication of advisories and other open source project on our github as well as higly technical papers
- An international team working internationaly for different customer from banking to industrial context
Our philosophy is "The best defense is a good offense... when used in an efficient way" and this is why COS can help you bringing our added-value for a better ROI.
Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART2: gaining code execution
How to exploit the vulnerability in Firefox 56 and 57 to get code execution
19 September 2022
Exploiting CVE-2018-5093 on Firefox 56 and 57 – PART1: controlling the instruction pointer
Find out how to take advantage of the whole underflow vulnerability on Firefox 56 and 57
04 July 2022
Adversary simulation exercise: when real-life meet business
This article is short story telling about one adversary simulation exercise we (POST CyberForce Offensive Security) performed.
08 March 2022
Our experts answer your questions
Do you have any questions about an article? Do you need help solving your IT issues?