More about our Offensive Services that keep your digital environment protected.
Lodestone Offensive Services make threat actor tactics, techniques, and procedures (TTPs) work for you by testing your environment against real-world attacks without the risk to your critical data and business flow. Our penetration tests go beyond standard vulnerability assessments with proof-of-concept exploitation of vulnerabilities performed safely by our team of white hats. Lodestone’s experts set you up for success by hardening your environment with TTPs seen in the wild, identifying potential security weaknesses, and providing recommendations for remediation. Strengthen your company’s security posture from Active Directory to physical security, insider threats, and beyond, including key components of your business such as web applications. We also work with you to put your mind at ease by testing against headline-making cyberattacks like ransomware and phishing.
Vulnerabilities in network infrastructure are a common point of entry for threat actors. Lodestone’s vulnerability assessments combine automated scanning with manual assessment techniques and OSINT to evaluate your company’s security posture. These activities can be performed externally, by targeting all Internet-exposed systems and devices, or internally, with one of Lodestone’s proprietary vulnerability testing devices on your network.
Our experts identify potential security weaknesses in your environment and provide a report of our findings and recommendations to strengthen your company against would-be attackers.
Penetration tests go beyond standard vulnerability assessments with proof-of-concept exploitations of vulnerabilities performed safely by our team of white hats. Lodestone’s experts use the same tools, techniques, and processes as real-world threat actors to exploit vulnerabilities, misconfigurations, and gaps in security training through social engineering attempts such as phishing. Because we go further than simply validating vulnerabilities, you get a glimpse into how your organization would stand against actual threat actors without any of the risk.
We work closely with you to minimize any downtime or unintended effects as a result of the penetration testing efforts and prepare a final report that describes in depth the activities we performed, the outcomes, and recommendations that strengthen your company’s security posture.
Open-source components and plugins can be highly beneficial resources when building web applications and websites but may also result in that application or website inheriting vulnerabilities that threat actors can exploit.
As part of our web application penetration testing, Lodestone analyzes the critical components of your company’s web applications, examining aspects such as web-based portals, application programming interfaces (APIs), and web services. Lodestone’s experts thoroughly map business logic and data flow to validate your company’s web applications. Our final reporting process integrates detailed vulnerability and countermeasure information to help you close any gaps in your web application security.
Physical security protects not just a company’s assets but the heart of the company itself: its personnel, hardware, and offices. Lodestone’s physical security assessment is an intensive audit of both the physical controls currently in place and the training that employees have undergone.
Our experts use real-world social engineering techniques like tailgating, lockpicking, and RFID duplication to evaluate the overall physical security of your organization. We examine user interactions, security personnel, and the presence and placement of tools like video cameras, badge readers, and mantraps. At the conclusion of the assessment, we present to you the key wins and areas that need improvement for your company’s physical security.
Email is one of the most critical business applications for internal and external communications and a common target for threat actors. Whether you use Microsoft 365 (M365), Google, or an on-site Microsoft Exchange server, Lodestone can help you identify misconfigurations and mitigate business email compromises (BECs) that can result in catastrophic losses of money, data, and reputation. Lodestone professionals leverage their experience with actual BEC investigations and knowledge of email security controls such as authentication, email security, storage security, and mobile device management to identify where your configurations and settings may be leaving your company open to accidental data disclosure or an attack.
We set you up for success with a report that details not just our findings, but the risk levels of each, so that your personnel can focus on the most critical changes first.
Microsoft Active Directory (AD) is a directory service that helps manage, network, authenticate, group, organize, and secure domain networks. It also allows administrators to manage permissions and control access to network resources and is, therefore, a particularly ripe target for threat actors.
As part of our AD security assessment, Lodestone experts identify potential attack paths and chances of exploitation tied to AD within your company’s environment. After combing through your AD environment, we validate the potential misconfigurations, vulnerabilities, and areas for improvement we identify and compile them into a report that provides a detailed, technical rundown of potential attacks that could compromise your AD environment. We work with you to pinpoint changes that can help you make the biggest improvements to your security posture in the fewest number of steps.
Ransomware has been the star of many recent cybersecurity headlines as a type of malware that threat actors can use to encrypt files in a victim’s environment and demand ransom payments to restore access. With the rise of ransomware groups, a ransomware readiness assessment can be essential to evaluating your company’s security posture.
Lodestone experts identify where your defenses are strong and where vulnerabilities may exist that a ransomware actor could exploit. We combine external testing, an understanding of the human factor, and simulated ransomware infection exercises to assess your organization’s tools, procedures, and overall ability to defend against and mitigate the impact of a ransomware attack.
Put your security to the test with a red team assessment: an attack simulation designed to measure how well your company can withstand an attack from actual threat actors. Our experts use real-life experience and OSINT to emulate the TTPs used in the wild without the danger to your environment and business flow. Whether you want to test a specific device or application, the protections around protected or business-critical data, or your network overall, Lodestone works with you to create a custom testing plan and provide weekly updates on our status.
Go beyond simply identifying vulnerabilities: test your organization’s detection and response capabilities and identify how to improve them further, maximizing the speed of your response to potential security incidents and, in turn, your chances of catching an attack before it can cause serious harm to your business.
Phishing is one of the most common initial intrusion vectors used by threat actors. Lodestone’s phishing campaign assessment (PCA) measures your company’s susceptibility to phishing emails that are often used to collect sensitive information or provide an initial access point into a network via a malicious link or attachment.
Our experts perform a realistic phishing campaign without the risk to your organization, gathering key metrics at every phase of the attack, including the number of employees who opened the phishing email, clicked the malicious link, and submitted user credentials. Arm yourself with an understanding of your employees’ security awareness and identify key areas where additional training and planning can strengthen your security posture.
While there is no such thing as a flawless defense, your company can be prepared to respond to even worst-case scenarios with decisiveness and strength.
Internal breach simulations consist of activities a threat actor might perform if one of your users or hosts has already been compromised or if an insider threat was present within your environment. Identify the most vulnerable roles and pathways to critical data from within your environment to make your organization more resilient in the face of an attack.
©2023 Lodestone
Lodestone Security is a wholly owned subsidiary of Beazley plc. Lodestone provides computer security and cyber security consulting services. Lodestone does not provide insurance services and client information obtained by Lodestone is not shared with Beazley claims or underwriting. Likewise, client information obtained by Beazley claims or underwriting is not shared with Lodestone.