Our attack process chains together seemingly separate vulnerabilities for a holistic view of your applications, networks, and team behaviors. Each red teaming assessment takes a systematic, repeatable, and methodological approach that consists of 6 essential steps:
1. Goal setting
You’ll determine the specific goal/asset you want our Red Team to target.
Our Red Team identifies network services, Web applications, and employee portals.
Our Red Team identifies vulnerabilities, whether they’re software or human vulnerabilities, by utilizing application and network penetration testing (e.g., cross-site scripting), as well as common human manipulation techniques (e.g. email and phone-based phishing).
4. Network Pivoting and Escalation
Our Red Team gains access inside the network through one of the vulnerabilities they discover. This may include physical facility exploitation and/or business process tampering. An example of this is “tailgating” or posing as employees or contractors to gain access to a physical workplace.
5. Obtain target
Our Red Team accesses sensitive corporate assets.
At the end of each assessment, Synopsys Red Team Professional Services provides strategic business recommendations to address complex vulnerabilities that were discovered, a high-level executive summary, and details of the attack flow Synopsys performed.