Ethical Hacking

The Terishield ethical hacking team, also known as penetration testers or white hat hackers, is made up of cybersecurity experts who use the same techniques and tools as malicious hackers (black hat hackers) to identify and resolve vulnerabilities and security gaps in computer systems.

Ethical hackers always operate with the explicit permission of the owners of the systems they are testing, unlike malicious hackers who break the law by accessing or damaging systems without authorization.

The main goal is to enhance security by anticipating the techniques that might be used by malicious individuals to illegally access systems and data.

Penetration Testing

Penetration Testing is an Ethical Hacking activity and consists of a technical evaluation carried out over a dedicated time frame and designed to achieve a specific objective, for example, to exfiltrate customer data, to gain access as a network administrator, or to modify sensitive employee salary information. Tests can be network-based, use physical attacks, social engineering or phishing, be application focused, or combine all of the above.

Red Teaming

This activity is also an Ethical Hacking task and consists of a long-term or ongoing evaluation based on a campaign that emulates real-world adversaries, with the goal of improving the quality of a company’s information security defences. Specifically, the campaign emulates real Threat Actors, including cyber-criminal groups such as those behind ransomware attacks.

Unlike Penetration Testing, this activity does not specify a particular attack perimeter but is a flexible, broad-spectrum security assessment, structured in several phases according to the methodology known as the “Cyber Kill Chain”.

If required, for the banking and financial sector, the Red Team service can follow the TIBER-EU methodology, in which Terishield assumes the role of Red Team Provider.

Purple Teaming

Purple Teaming differs from Red Teaming in that it is more collaborative. In Red Teaming, the Red Team and the Blue Team work separately: the Red Team simulates attacks on the Blue Team without prior notice, creating realistic scenarios in which the SOC must react spontaneously. In Purple Teaming, the Red Team and the Blue Team work together. The Red Team informs the Blue Team of the attacks carried out, and the Blue Team assesses its own detection and response capabilities in real time, allowing continuous optimization of defence systems through constructive and direct feedback.

Ransomware Assessment

Ransomware assessment, or the evaluation of readiness against ransomware, is a process aimed at assessing an organization’s ability to defend against and mitigate the impact of a ransomware attack. Ransomware is a form of malware that encrypts files on a victim’s computer, then demands a ransom for decryption.

The assessment process can include a variety of activities, such as analysing the organization’s processes, tools, and capabilities, identifying any gaps in the design of security controls, and interviewing key stakeholders for further insights.

It may also involve designing and managing a simulation of a ransomware emergency situation to test the organization’s incident response processes.

A ransomware assessment can also entail the analysis of vulnerabilities associated with active services, classification of threat severity, and analysis and consolidation of the findings.

Furthermore, it can include the preparation of reports, which provide a detailed account of risk levels and recommendations for improving ransomware preparedness.

Another important aspect of ransomware assessment is evaluating the organization’s ability to resume operations in the event of an infection. This can include testing defences against the specific intrusion, lateral-movement, and exfiltration methods used by ransomware.

Social Engineering

Social engineering is a set of techniques used by cybercriminals to manipulate individuals into granting access to confidential information or network systems. This can occur through psychological manipulation, deception, or abuse of trust. Social engineering attacks can be highly sophisticated and often exploit users’ lack of awareness of the value of their personal data.

Phishing is a form of social engineering where an attacker pretends to be a trustworthy entity in a digital communication, usually via email, to obtain sensitive data such as login credentials or financial information. Phishing attacks can be very sophisticated.

Smishing, or SMS phishing, is a variant of phishing where the attack is carried out through text messages. In this case, the attacker sends a convincing text message that appears to come from a reliable source, prompting the recipient to click on a link or provide personal information. The link may lead to a phishing site or malware designed to steal information.

Vishing, or voice phishing, is another variant of phishing where the attack is carried out through phone calls. Here, the attacker may simulate a legitimate call centre, such as that of a bank, to obtain personal or financial information. This type of attack exploits the greater trust people tend to place in voice communications compared to written ones.

ATM Security

The ATM Security & Pentesting service focuses on analysing Automated Teller Machines (ATMs) to identify security vulnerabilities in both software and hardware. This service provides a comprehensive vulnerability assessment, identifying critical threats such as card skimming, malware attacks, network compromises, PIN fraud, and supply-chain vulnerabilities introduced by third-party suppliers.

To assess the resilience of ATM defences against current and emerging threats, on-site penetration tests are performed using real-world attack techniques, in black box, white box, and grey box modes, against both the hardware and the software.

Furthermore, a thorough review of the security architecture is conducted, closely examining communication protocols, authentication practices, data encryption, and system configurations to determine any gaps in the intrinsic security of ATMs.

In the event of a suspected breach, the service offers an in-depth forensic analysis, examining ATM logs, transaction records, and other digital forensic data in detail to reconstruct incidents and provide corrective mitigation actions.

The service also verifies that ATM systems comply with industry-specific standards and regulations, and that security best practices have been adopted.


All Rights Reserved 2024 © Terishield SA