It is common for organizations to take advantage of multiple layers of security controls that include web gateways, firewalls, anti-virus, intrusion detection systems and other mechanisms. Combining them is part of a popular approach known as defense in depth.
Blaze’s Defense Mechanisms Resilience Testing was designed to assess the effectiveness of the current defense mechanisms against several advanced scenarios, to verify which layers can be pierced by attackers with varying levels of sophistication.
This service is divided into three tiers, each with its own degree of effort.
The first tier uses simple malicious artefacts, such as well-known malware or a well-known exploit. This first phase of the test is designed to assess the resilience of the endpoint and network-based protection mechanisms currently in place. Usually, a properly configured IDS, anti-virus and endpoint security software should be able to detect and mitigate the malicious artefact before it materializes into a threat to the company’s IT environment.
The second step of the test consists of sending the same artefacts wrapped in different types of delivery methods and using simple artefacts compiled in other executable formats. In this phase the artefacts are packed using public packers, sent compressed in formats like ZIP and RAR, or, in the case of exploits, have their payload replaced with more advanced, encoded shellcode.
The third and last part of testing relies on a number of advanced techniques to attempt to get past the defenses in place. For this we use techniques such as payload obfuscation for evading IDSes, web gateways and anti-virus, bespoke executable packers, custom-built artefacts and the use of different payloads like malicious Office documents.