We recently delivered an Advanced Persistent Threat (APT) Penetration Test to one of our customers. People who know us know that when we say APT we’re not just using buzz words. Our APT services maintain a 98% success rate at compromise while our unrestricted methodology maintains a 100% success at compromise to date. (In fact we offer a challenge to back up our stats. If we don’t penetrate with our unrestricted methodology then your test is free. If we do get in then you pay us an extra 10%.) Lets begin the story about a large retail customer that wanted our APT services.
When we deliver covert engagements we don’t use the everyday and largely ineffective low and slow methodology. Instead, we use a realistic offensive methodology that incorporates distributed scanning, the use of custom tools, zero-day malware (RADON) among other things. We call this methodology Real Time Dynamic Testing™ because it’s delivered in real time and is dynamic. At the core of our methodology are components normally reserved for vulnerability research and exploit development. Needless to say, our methodology has teeth.
Our customer (the target) wanted a single /23 attacked during the engagement. The first thing that we did was to perform reconnaissance against the /23 so that we knew what we were up against. Reconnaissance in this case involved distributed scanning and revealed a large number of http and https services running on 149 live targets. The majority of the pages were uninteresting and provided static content while a few provided dynamic content.
While evaluating the dynamic pages we came across one that was called Make Boss. The application was appeared to be custom built for the purpose of managing software builds. What really snagged our attention was that […]