Leveraging attack tactics to prepare for the worst.
Harden Defenses Through Attack Simulation
Lodestone Offensive Services test your environment against real-world attack tactics to highlight risks and vulnerabilities, without impacting critical data or business activities. Lodestone’s experts set you up for success by hardening your environment using TTPs seen in the wild, identifying potential security weaknesses, and providing recommendations for remediation. Our focus can span from Active Directory to physical security, insider threats, ransomware, phishing, and testing key components of your web applications. Offensive security provides a clear view of risk and reinforces the understanding that security needs to be continuously improved.
ACTIVE DIRECTORY HARDENING ASSESSMENT
Microsoft Active Directory (AD) is a directory service that helps manage, network, authenticate, group, organize, and secure domain networks. It also allows administrators to manage permissions and control access to network resources and is, therefore, a particularly ripe target for threat actors.
As part of our AD security assessment, Lodestone experts identify potential attack paths and chances of exploitation tied to AD within your company’s environment. After combing through your AD environment, we validate the potential misconfigurations, vulnerabilities, and areas for improvement we identify and compile them into a report that provides a detailed, technical rundown of potential attacks that could compromise your AD environment. We work with you to pinpoint changes that can help you make the biggest improvements to your security posture in the fewest number of steps.
EMAIL HARDENING ASSESSMENT
Email is one of the most critical business applications for internal and external communications, and a common target for threat actors. Whether you use Microsoft 365 (M365), Google, or an on-site Microsoft Exchange server, Lodestone can help you identify misconfigurations and mitigate business email compromises (BECs) that can result in catastrophic losses of money, data, and reputation. Lodestone professionals leverage their experience with actual BEC investigations and knowledge of email security controls such as authentication, email security, storage security, and mobile device management to identify where your configurations and settings may be leaving your company open to accidental data disclosure or an attack.
We set you up for success with a report that details not just our findings, but the risk levels of each, so that your personnel can focus on the most critical changes first.
Penetration tests go beyond standard vulnerability assessments with proof-of-concept exploitations of vulnerabilities performed safely by our team of white hats. Lodestone’s experts use the same tools, techniques, and processes as real-world threat actors to exploit vulnerabilities, misconfigurations, and gaps in security training through social engineering attempts such as phishing. Because our testing goes further than simply validating vulnerabilities, you can get a glimpse into how your organization would stand against actual threat actors without any of the risk.
We work closely with you to minimize any downtime or unintended effects as a result of the penetration testing efforts and prepare a final report that describes in depth the activities and outcomes to strengthen your company’s security posture.
PHISHING CAMPAIGN ASSESSMENT
Phishing is one of the most common initial intrusion vectors used by threat actors. Lodestone’s phishing campaign assessment (PCA) measures your company’s susceptibility to phishing emails that are often used to collect sensitive information or provide an initial access point into a network via a malicious link or attachment.
Our experts perform a realistic phishing campaign without the risk to your organization, gathering key metrics at every phase of the attack, including the number of employees that opened the phishing email, clicked the malicious link, and submitted user credentials. Arm yourself with an understanding of your employees’ security awareness and identify key areas where additional training and planning can strengthen your security posture.
RED TEAM ASSESSMENT
Lodestone’s Red Team Assessment service goes beyond the typical penetration test to show you how a real attacker would fare against your current security setup with none of the actual risks.
Red team exercises can be coordinated or launched unannounced to feature security protocols, processes, and response times.
Vulnerabilities in network infrastructure are a common point of entry. Lodestone’s vulnerability assessments combine automated scanning with manual assessment techniques and OSINT to evaluate your company’s security posture. These activities can be performed externally, by targeting all Internet-exposed systems and devices, or internally, with one of Lodestone’s proprietary vulnerability testing devices on your network.
Our experts identify potential security weaknesses in your environment and provide a report of our findings and recommendations to strengthen your company against would-be attackers.
WEB-APPLICATION PENETRATION TESTING
Open-source components and plugins can be highly beneficial resources when building web applications and websites but may also result in that application or website inheriting vulnerabilities that threat actors can exploit.
As part of our web application penetration testing, Lodestone analyzes the critical components of your company’s web applications, examining aspects such as web-based portals, application programming interfaces (APIs), and web services. Lodestone’s experts thoroughly map business logic and data flow to validate your company’s web applications. Our final reporting process integrates detailed vulnerability and countermeasure information to help you close any gaps in your web application security.
Connect With Us
320 East Main Street
Lewisville, TX 75057