Threat hunting means an active search for intruders in the organization infrastructure, sort of proactive digital forensics helping to increase detection capabilities of both inside and outside threats.
Get a quote
RedEye is our internal tool dedicated for threat huntingu, that allows to detect symptoms of attacks that are not identified by other products (e.g. endpoint protection). It does not require agent installation and additional permissions, only needs to be deployed inside the organization's internal network (LAN). RedEye is the result of our many years of experience in the field of attack simulation and incident response.
We offer both ad hoc assistance during incidents and a proactive service of constant 24/7 monitoring of IT resources in terms of cybersecurity (threat intelligence and threat hunting using RedEye) and immediate response to incidents (computer forensics and intrusion analysis). We invite you to familiarize yourself with the SOC-as-a-Service service offered by our Security Operations Center (SOC) team.
Our unique approach stands out with the fact that we are not only base our detection on known active crime groups, but focus on a wider perspective which allows us for more effective detection of targeted attacks, which are not detected by common tools and security software. Threat hunting is a constantly evolving process not a technology. We have a solid knowledge on real attacks and track covering techniques which comes directly from the services we offer – red teaming, penetration testing, as well as analysis and detection of such attacks – digital forensics and incident response. We dissect the attackers methods in order to detect them independently of which tools were used to perform them, simultaneously decreasing the number of operations on analyzed data that needs to be performed by the detection system resulting in increasing the efficiency. Additionally we use so called data enrichment for supporting internal data such as logs with outside information from our proprietary CTI (Cyber Threat Intelligence) system.
We know how to effectively identify attack symptoms and intruder presence in the organization infrastructure. A sample task for a threat hunter is to run a dedicated software (e.g. a honeypot) or monitor the DNS traffic inside a network looking for potentially malicious activity by e.g. checking entropy, types of DNS requests, comparison of domains with IOC (Indicator of Compromise) received from threat intelligence etc. On the other hand log analysis in this case is not only limited to monitoring base events, but means deep analysis by connecting many sources which can indicate that integrity has been compromised. Every solution is individually prepared to fit the customer needs in order to get best detection rates. Thanks to that type of approach there is a real possibility of detecting an attack, including the targeted ones which can help in reacting on time before real damage is done.
Cyber Threat Intelligence (CTI) is used to get constant information updates from outside source about a given organization. The services consists of two main parts: information for security teams and IOC (Indicator of Compromise) mostly used to automatic data enrichment for internal monitoring with SIEM systems, IPS (Intrusion Prevention System) or IDS/NIDS/HIDS (Intrusion Detection System, Network, Host). Simplest example of such enrichment might be acquiring IP addresses information from the honeypot network used by attackers or detecting changes of open ports in the company infrastructure. We use a dedicated proprietary software, which depending on customer needs automatically looks for potential threats or changes that might indicate a compromise. We support infrastructure monitoring with data from CTI which allows us to effectively detect targeted attacks. Our software collects information available on the Internet (OSINT) and actively monitors organization assets to look for changes inside both external (WAN) and internal (LAN) networks.
We perform OSINT engagements (Open-Source Intelligence) where we gather significant amount of information about the target organization on the Internet. Obtained information can be used to identify potentially vulnerable assets and weak spots which threat actors may choose to target. Information retrieved using OSINT techniques include details about employyes, organisation structure, physical assets, IT infrastructure and more.
REDTEAM.PL CERT is a recognized incident response team and a member of the largest organization Trusted Introducer that brings CERT teams together.
Threat hunting service is usually delivered as the 3rd, last line in the Security Operations Center (SOC). Additionally with our partner we are able to offer full SOC outsourcing, consisting of 3 lines, working 24/7.
We deliver advanced technical consulting services covering multiple aspects of cybersecurity from red team to blue team. Thanks to a diverse experience in IT security we are able to look at a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed with certificates, publications, advisories and references from our customers.
Security testing of IT/OT/IoT/SCADA. Verification of security for both infrastructure and applications including web, mobile and client-server.
Real-life attack simulations starting from technical aspects, social engineering to physical security. We perform Advanced Persistent Threat (APT) simulations.
Audits covering broad scope, including procedures, software architecture, cloud security, smart contracts audits, source code audits and vulnerability assessment.
Searching for active cyber threats, proactive digital forensics aimed for detecting attackers in the organisation. Service delivered as a form of constant monitoring and as a last line of SOC.
Criminal forensics: securing digital evidence, analysing traces of activity, digital forensics, log analysis, events, RAM analysis. Additionally secure data removal.
Smart contract security assessment. Security testing of decentralized Web3 applications, wallets, exchanges, trading platforms and infrastructure. On-chain attacks and funds flow analysis