6S ("Success") Assessment Methodology



Scope
We'll work with you to gain a practical understanding of your needs and only offer services delivering the most value.




Survey
We'll tailor our analysis of your organization and industry to model the most plausible threats.




Strike
We'll leverage our surveillance to forge tailored threat operations against your enterprise.




Sustain
We'll establish deep and diverse footholds throughout your environment.




Seek
We'll locate and compromise your company's most critical assets.




Secure
We'll deliver program-level and detailed technical advisory through executive and technical debriefs and reports.


Flagship Adversary Operations

Adversary as a Service (AaaS)
Subscribe to the latest trade-craft and subject your enterprise to monthly assessments of your external threat vectors leveraging bleeding-edge TTPs
Red Team Adversary Simulation
Challenge your blue team operators in an authentic, full-scope simulation of an attack from an advanced persistent threat. In this double-blind simulation, we'll find a way - or we'll make one - gaining true insight into your enterprise's detection, response, and threat eradication capabilities along the way
Purple Team Collaboration
Take your defenses to the next level by allowing your blue team operators to collaborate on a simulated attack from an experienced red team operator. Run through varying levels of attack sophistication and work together to identify gaps and strengthen existing detection controls

Physical Access Operations

Social Engineering
Determine if your employees are abandoning standard procedures which may enable a threat actor to gain unauthorized access to your physical and digital information assets
Facility Controls Assessment
An observational walk-through to evaluate your office buildings and other facilities to model threats and identify physical control gaps
Physical Intrusion Assessment
Take your facility controls assessment to the next level (or skip it altogether), and let us validate control gaps in your facilities by gaining unauthorized access to your physical premises and - ultimately - your physical and digital information assets

Defense Operations

Organize Against the Adversary (OAtA) Assessment
This hybrid assessment will ensure your organization is operating effectively in alignment with the NIST Cybersecurity Framework while defending against major attack vectors as prescribed by the industry-standard ATT&CK matrix
Active Directory Risk Assessment
Identify how common Active Directory ("AD") configurations, practices, and privilege assignments can be abused to threaten your fully-patched and otherwise-secure domain systems. Eliminate threat vectors for optimal resilience to attacks
Endpoint System Hardening
Implement industry best-practice configurations and controls on your critical systems and workstations

Traditional Operations

Network Penetration Testing
Whether from the internet, or from inside your network(s), a traditional penetration test of your networked systems will help you find holes in your patch and vulnerability management program
Segmentation Control Testing
Validate whether segmented systems are appropriately isolated from each other
Website and Web Application Security Assessment
Ensure your critical website applications are developed securely and not leaving the enterprise vulnerable
Application Programming Interface (API) Security Assessment
Your system has a cool API, but you want to make sure nobody can abuse it to compromise your company or your customers
Wireless Security Assessment
Ensure your wireless access points aren't easily compromised to gain access to your corporate networks, and validate your guest access points aren't leaving you vulnerable
Social Engineering
Determine if your employees will divulge sensitive information, click malicious links, or potentially allow malware into your enterprise network through email, telephone, and other exercises