Shape
Shape

Offensive Security

More about our Offensive Services that keep your digital environment protected.

who we are - xx

Lodestone Offensive Services make threat actor tactics, techniques, and procedures (TTPs) work for you by testing your environment against real-world attacks without the risk to your critical data and business flow. Our penetration tests go beyond standard vulnerability assessments with proof-of-concept exploitation of vulnerabilities performed safely by our team of white hats. Lodestone’s experts set you up for success by hardening your environment with TTPs seen in the wild, identifying potential security weaknesses, and providing recommendations for remediation. Strengthen your company’s security posture from Active Directory to physical security, insider threats, and beyond, including key components of your business such as web applications. We also work with you to put your mind at ease by testing against headline-making cyberattacks like ransomware and phishing.

 

Lodestone GRCA ATTACK SURFACE MONITORING

ACTIVE DIRECTORY HARDENING ASSESSMENT

Microsoft Active Directory (AD) is a directory service that helps manage, network, authenticate, group, organize, and secure domain networks. It also allows administrators to manage permissions and control access to network resources and is, therefore, a particularly ripe target for threat actors.

As part of our AD security assessment, Lodestone experts identify potential attack paths and chances of exploitation tied to AD within your company’s environment. After combing through your AD environment and identifying potential misconfigurations, vulnerabilities and areas for improvement are validated and compiled into a report that provides a detailed, technical rundown for potential attacks that could compromise your AD environment. We work with you to pinpoint changes that can help you make the biggest improvements to your security posture in the fewest number of steps.

downloadActive Directory Hardening Assessment

Lodestone GRCA ServiceIcon EMAIL HARDENING ASSESSMENT

EMAIL HARDENING ASSESSMENT

Email is one of the most critical business applications for internal and external communications and a common target for threat actors. Whether you use Microsoft 365 (M365), Google, or an on-site Microsoft Exchange server, Lodestone can help you identify misconfigurations and mitigate business email compromises (BECs) that can result in catastrophic losses of money, data, and reputation. Lodestone professionals leverage their experience with actual BEC investigations and knowledge of email security controls such as authentication, email security, storage security, and mobile device management to identify where your configurations and settings may be leaving your company open to accidental data disclosure or an attack.

We set you up for success with a report that details not just our findings, but the risk levels of each, so that your personnel can focus on the most critical changes first.

downloadEmail Hardening Assessment

Lodestone ServiceIcon Penetration tests

PENETRATION TESTING

Penetration tests go beyond standard vulnerability assessments with proof-of-concept exploitations of vulnerabilities performed safely by our team of white hats. Lodestone’s experts use the same tools, techniques, and processes as real-world threat actors to exploit vulnerabilities, misconfigurations, and gaps in security training through social engineering attempts such as phishing. By going further than simply validating vulnerabilities, you can get a glimpse into how your organization would stand against actual threat actors without any of the risk. 

We work closely with you to minimize any downtime or unintended effects as a result of the penetration testing efforts and prepare a final report that describes in depth the activities we performed, the outcomes, and recommendations that strengthen your company’s security posture.

downloadPenetration Testing

Lodestone GRCA ServiceIcon Tabletop Exercises

PHISHING CAMPAIGN ASSESSMENT

Phishing is one of the most common initial intrusion vectors used by threat actors. Lodestone’s phishing campaign assessment (PCA) measures your company’s susceptibility to phishing emails that are often used to collect sensitive information or provide an initial access point into a network via a malicious link or attachment.

Our experts perform a realistic phishing campaign without the risk to your organization, gathering key metrics at every phase of the attack, including the number of employees that opened the phishing email, clicked the malicious link, and submitted user credentials. Arm yourself with an understanding of your employees’ security awareness and identify key areas where additional training and planning can strengthen your security posture.

downloadPhishing Campaign Assessment

Lodestone GRCA ATTACK SURFACE MONITORING

RED TEAM ASSESSMENT

Lodestone’s Red Team Assessment service goes beyond the typical penetration test to show you how a real attacker would fare against your current security setup with none of the actual risks.

downloadRed Team Assessment

Lodestone GRCA ServiceIcon Tabletop Exercises

VULNERABILITY ASSESSMENT

Vulnerabilities in network infrastructure are a common point of entry for threat actors. Lodestone’s vulnerability assessments combine automated scanning with manual assessment techniques and OSINT to evaluate your company’s security posture. These activities can be performed externally, by targeting all Internet-exposed systems and devices, or internally, with one of Lodestone’s proprietary vulnerability testing devices on your network.

Our experts identify potential security weaknesses in your environment and provide a report of our findings and recommendations to strengthen your company against would-be attackers.

downloadVulnerability Assessment

Lodestone ServiceIcon Web Application Penetration Testing

WEB-APPLICATION PENETRATION TESTING

Open-source components and plugins can be highly beneficial resources when building web applications and websites but may also result in that application or website inheriting vulnerabilities that threat actors can exploit.

As part of our web application penetration testing, Lodestone analyzes the critical components of your company’s web applications, examining aspects such as web-based portals, application programming interfaces (APIs), and web services. Lodestone’s experts thoroughly map business logic and data flow to validate your company’s web applications. Our final reporting process integrates detailed vulnerability and countermeasure information to help you close any gaps in your web application security.

downloadWeb Application Penetration Testing

Connect With Us

320 East Main Street
Lewisville, TX 75057

203.307.4984

An elite cyber security force

If you have a breach contact us at info@lodestone.com

Linkedin-in Twitter

©2023 Lodestone
Lodestone Security is a wholly owned subsidiary of Beazley plc. Lodestone provides computer security and cyber security consulting services. Lodestone does not provide insurance services and client information obtained by Lodestone is not shared with Beazley claims or underwriting. Likewise, client information obtained by Beazley claims or underwriting is not shared with Lodestone.