Simulating real-world attacks by mimicking the adversaries
What is goal Oriented Attack Simulation?
In an attempt to counter the shortcomings in the practices of “pen-testing-as-usual”, we pursue our own unique methodology we call Goal Oriented Attack. We engage our customers in a manner that far more closely mirrors the process an actual malicious attacker would use.
How does it work?
At a high-level, Syndis provides a commercial consulting service for which real-world attack operations are simulated. The cyclical approach focuses on identifying an organizations resources (both human & technical) that are open to attack, compromising them to turn them into an asset over which Syndis has a level of control, and using the capabilities provided by assets to realise the engagement goals defined together with the client.
At a more technical level, goal-oriented engagements are not bound by a specific methodology or a generic tool-base as generic penetration testing has become. Instead, they are based on the assumption that companies may monitor all activity, that all attacks should be passive and only mounted against resources that have been manually identified. In contrast to generic penetration tests, goal-oriented attacks are adapted and specially crafted for the target environment.
Why is it relevant?
Goal-oriented engagements provides customers with a simulation of what a skilled and motivated adversary would do to reach those same goals. They provide more pairs of eyes on the security profile of the company and how the security resources are being used. Goal-oriented simulations are also useful as a drill, testing the readiness of the company to respond to a realistic cyberattack or security breach.