All VidraSec Services Printable

Ransomware attacks are on the rise, and the ones with the highest impact take over the whole Active Directory. We must secure these systems to minimize the risk of having our data encrypted and put up for sale on the internet!

Active Directory deliver extensive functionality; however, their complexity can often lead to security vulnerabilities. Given the critical role these systems play in user management, any security flaws can have severe implications. It is important to note that even though Active Directory serve similar purposes, the systems are still very different and would normally be tested in two different projects.

VidraSec offers services designed to address these challenges head-on. Together, we will develop strategies to fortify your environment against threats.

Scope

This type of test is typically performed as white-box, meaning that the testers receive full access to the tested system and its documentation. This allows a comprehensive analysis of vulnerabilities and misconfigurations in a short time frame. These are the main focus points of the test:

• Audit of the implementation status of the tier model and possible vulnerabilities
• Review of all accounts and their password age
• Review of the permissions of users, computers, and groups
• Review of group memberships of highly privileged groups
• Interview with administrators on how they typically administer the system
• If present: domain and forest trusts
• Test for typical vulnerabilities like “Kerberoasting” or (un)constrained delegation

Why

• Forgotten, insecure permissions can be a huge security problem, making attacks extremely easy.
• These are living systems, and errors occur. Only a regular check can help find them.
• Having secure administrative processes makes the lives of the attackers very hard.

For a comprehensive assessment of the on-premise Active Directory, VidraSec recommends conducting this analysis in conjunction with a penetration test of the internal infrastructure. This approach offers a complete overview of your internal systems’ security posture.

Why VidraSec 🦦

I have multiple years of experience attacking and securing Active Directory. If I manage to get Domain Admin permissions after a few days of work, I am sure a real attacker can also do it. Thus, let me demonstrate what is wrong and how to fix it to protect yourself against attacks.

Related Services

• Internal IT Infrastructure Penetration Testing
• EntraID Audit
• Cyber Attack Simulation

What if one of your employees clicks on the wrong email attachment? Will you be able to stop the attack, or will the attackers be able to move laterally from there and take over all your systems? This is why you should conduct an internal infrastructure penetration test. The internal system is just one wrong click away from being “public”.

Experience has shown that the externally facing infrastructure is often quite well secured nowadays. However, if you look at the internal network, the story is often sadly different. No encryption used, security mechanisms turned off (legacy software does not support them), or completely outdated software. In the worst-case scenario, these vulnerabilities could lead to a complete compromise of company data.

Scope

This penetration test can be tailored to focus on specific systems, such as a particular server or the configuration of Windows clients, as determined during the scoping call. Moreover, this test can assess your detection capabilities, although it’s important to note that detection is not the primary focus of a penetration test. These are the main focus points of the test:

• Penetration test of Active Directory
• Check whether all recommended countermeasures are in place
• Identification of vulnerabilities in the network
• Identification of outdated software in the network
• Misconfigurations, e.g., Active Directory Certificate Services
• Test for open file shares with confidential data
• And overall: can an attacker gain Domain Admin rights in your network?

Why

• Find and fix vulnerabilities in your internal infrastructure
• Secure your machines so that the impact of attacks is lower
• Your infrastructure is a living system; only regular checks can help find misconfigurations.

Why VidraSec 🦦

I have, many times, gained Domain Admin rights, starting just as a normal user. In many different types of companies, I can tell you that being small or big doesn’t make a difference. If I can do it, an attacker can also do it. And I hope that me explaining the vulnerabilities and how to fix them in a report is more pleasant than an attacker explaining where to send the Bitcoins.

Related Services

• Active Directory Penetration Testing and Auditing
• Attack Simulation

Cloud services offer many new opportunities for companies. However, they also present many dangers that can be exploited by attackers. Therefore, it is essential that these services are configured correctly. This configuration is checked in a Cloud Infrastructure Audit.

In this audit, the following settings are reviewed, among others:

• Identity and Access Management
• Virtual Network Configuration
• Security Settings
• Configuration of the Used Cloud Services

Related Services

• EntraID Audit

In the simulation of cyber attacks, typical attack paths are recreated. The goal is to test how well the target company is prepared for these attacks. The focus is on attack detection.

Which specific attacks are simulated is determined together in a meeting. Examples of this are:

• Social Engineering
• Phishing
• Malware infection of a device

The goal of the simulation is usually to test attack detection and response. For example, it can be tested whether a phishing email is recognized by employees and whether the process for reporting a phishing email is known and functioning.

Related Services

• Penetration Test of internal IT Infrastructure
• Penetration Test of external IT Infrastructure

EntraID is a very powerful identity management and access control solution. A misconfiguration can lead to unauthorized access to company resources or facilitate social engineering attacks. Therefore, this component must be thoroughly tested.

Scope

This type of test is typically performed as white-box, meaning that the testers receive full access to the tested system and its documentation. This allows a comprehensive analysis of vulnerabilities and misconfigurations in a short time frame. These are the main focus points of the test:

• Audit of the implementation status of the tier model and possible vulnerabilities
• Review of all accounts and their password age
• Review of the permissions of users, computers, and groups
• Review of group memberships of highly privileged groups
• Interview with administrators on how they typically administer the system
• Conditional access policies
• Verification against best practices
• The link to the on-premise Active Directory

Related Services

• Cloud Infrastructure Audit

If your system is exposed to the internet, it could potentially be hacked by anyone. Okay, I exaggerate a bit, but I think you understand. Vulnerabilities in your external infrastructure can lead to very bad press and threaten your customers’ personal information. So, it’s better to check once more.

Scope

This test can focus on a range of externally accessible IPs. Another approach is to collect information about your external attack surface, meaning what information can an attacker find out about your company and which services are exposed (that you might not even know about). These are the main focus points of the test:

• Detection of vulnerabilities in your external infrastructure
• Identification of outdated software and used libraries
• Check for missing hardening measures that can protect you in case there is a vulnerability
• Publicly exposed sensitive information
• Insecure configuration of services

Why

• Do you even know all the services that are exposed to the internet?
• Are you sure you are not unintentionally leaking sensitive data?
• Did you apply all the additional security measures that can prevent attacks?
• Are all your services configured according to best practices?

Why VidraSec 🦦

I have over 6 years of experience in penetration testing and red teaming. In this time, I have seen many different systems and found a lot of vulnerabilities. Fun fact: in all this time, there have been worse and better systems, but there has never been a system without any vulnerabilities. Let’s improve your security together!

Related Services

• Internal IT Infrastructure Penetration Testing.
• Cyber Attack Simulation

For companies that haven’t yet thoroughly explored cybersecurity, VidraSec offers a Starter Pack. The goal is to provide these companies with an initial overview of their security posture. The results from this project serve as the foundation for prioritizing the remediation of vulnerabilities and implementing processes to strengthen information security.

Scope

This project was developed with the idea of being relevant to most companies that have yet to invest significantly in cybersecurity. The pricing structure is transparent, and the coordination effort is manageable. To cover as many needs as possible, this package is available in different levels of expansion.

Basic

The Basic package includes:

• Penetration test of the external infrastructure (max. 10 IP addresses)
• Analysis of the external attack surface (OSINT analysis)
• Brief interview on information security management

As a project outcome, the commissioning company will receive a detailed report with the following information:

• Identified vulnerabilities and recommended countermeasures
• Results of the analysis of the external attack surface
• Identified issues in information security management

Additionally, there will be a final review of the results, during which any questions can be addressed.

Price: €2,000.00 (excluding tax)

Standard

In addition to the contents of the Basic package, the following points are included:

• Penetration test of the internal infrastructure
• Detailed interview on information security management
• Detailed interview on business continuity management (BCM)

Price: €4,500.00 (excluding tax)

Enterprise

In addition to the above-mentioned services, further VidraSec services can, of course, be added. However, a detailed scoping call is required in this case.

Price: To be determined

Order

Contact VidraSec now to receive a specific offer:

Please note that the availability of services is subject to current workload and resources. While we strive to accommodate all requests, we cannot guarantee availability for every inquiry. We recommend contacting us early to secure your desired service.

Most cyber attacks begin with a human error. Someone has set a weak password or opened the wrong email attachment. Therefore, it is essential that all employees are trained on how to behave correctly.

The exact scope and duration of this training can be individually determined. Typical training contents include:

1. Introduction to the threat situation
2. Phishing and Social Engineering
3. Internet fraud
4. Password security
5. Outdated recommendations
6. Social Media Security

The training can be conducted remotely or on-site.

Related Services

• Cyber Attack Simulation

Vulnerabilities in web applications can be very problematic. In the worst case, the entire web server is taken over or confidential customer data is stolen. Therefore, it is especially important to thoroughly test these applications.

Scope

In general, web applications are tested for the most critical vulnerabilities. This includes:

• Access control testing
• Injection attacks
• Misconfigurations
• Review of third-party components
• Implementation of Defense-in-Depth measures

The specific test procedure and tested components will be discussed in a Scoping meeting.

Related Services

• External IT Infrastructure Penetration Testing