Security Operations Center (SOC)
Security Operations Center (SOC) is a team that constantly monitors the infrastructure for cybersecurity threats and responds to incidents such as hacker attacks.
We provide SOC outsourcing operating 24/7 and consisting of three lines of support – to learn more about our offer related to SOC/CERT/CSIRT services visit RTFS.PL.
REDTEAM.PL CSIRT (RFC 2350) is a recognized CERT/CSIRT incident response team and a member of the Trusted Introducer. We have published numerous pieces of security research on our tech blog:
- Threat hunting using DNS firewalls and data enrichment – How to build a DNS firewall engine.
- Internal domain name collision – Demonstration of a domain name collision attack scenario.
- Sodinokibi / REvil / Maze ransomware (TTPs & IOC) – We have secured digital evidence and analysed servers used by the APT group.
- DNS for red team purposes – DNS use in offensive security.
- Deceiving blue teams using anti-forensic techniques – Description of techniques used for misleading the blue team.
- Bypassing LLMNR/NBT-NS honeypot – Demonstration of a honeypot bypass which is recommended by MITRE ATT&CK.
- “Practical computer forensics analysis” – Book released by the Polish Scientific Publishers PWN, with a review from IT Expert Witness mł. insp. dr hab. inż. J. Kosiński, professor at the Police Academy in Szczytno.
REDTEAM.PL combines real competences in both offense and defense, and our cybersecurity research is widely recognized around the world. We apply our extensive knowledge and several years of experience to proactive threat hunting. In addition, we also act as an IT Expert Witness to assist law enforcement in the fight against cybercrime.
Our team has real experience in both offensive and defensive security. We offer services such as penetration testing, red teaming and social engineering exercises, as well as incident response and digital forensics. We have achievements in both of these areas, such as numerous credits for vulnerabilities found, as well as recognized publications and research on defensive security. All this is additionally supported by dozens of references from satisfied customers. The high quality of the services we offer is of key importance to us. Some of the media coverage and public appreciation of our work:
- Forbes, SANS, ZDNet about our research Stealing local files using Safari Web Share API.
- Recently we reported multiple security vulnerabilities in the Google Chrome browser, which resulted in a total bounty of $68,000.
- BleepingComputer about Black Kingdom ransomware (TTPs & IOC) research.
- SANS and CERT-PL about Sinkholing BadWPAD infrastructure research, for which we received acknowledgments from national CERT teams of Latvia (CERT-LV) and Estonia (CERT-EE).
- Splunk about DNS based threat hunting and DoH (DNS over HTTPS) research.