Service Overview

Investigative Penetration Testing™ (IPT) is a proprietary offering developed by Emerging Defense, designed to investigate and identify the source of a suspected security breach. The IPT “What would we do?” approach provides a revolutionary response to a data breach by identifying root causes in an accelerated fashion, potentially saving hours, days, or even months of early or misdirected forensic investigation.

  Closing the Gap

Expert penetration testers naturally possess the skills to reach the bottom of a breach by following the same workflow and map through an organization as a real attacker would. Penetration testing augmented with forensic preservation and historical breach investigation experience is a hybrid combination that is revolutionizing how breach investigations are performed.

The Difference

Emerging Defense fills a fundamental forensic skill gap where analysts have never performed the very attacks they are trying to identify. This technique eliminates the initial triage investigation delay, saving time, reputation, and the bottom line by allowing forensic analysts to focus on susceptible assets instead of following a traditional top-down elimination approach.


  The IPT Approach

The IPT offering is built on years of experience performing penetration testing across hundreds of unique clients and deep-dive forensic breach investigation. All Emerging Defense practitioners possess real Fortune 500 incident response and forensic knowledge, having been involved in investigating some of the most prolific and publicly exposed breaches. Despite IPT's emphasis on incident response, our core value is maintained through an everyday focus on cutting-edge penetration testing vulnerabilities and techniques.

Attacker Experience

IPT can be executed with or without a detected breach and independently or in concert with an ongoing investigation to provide a flip side viewpoint.
 

Real Experience
Our like-minded attacker approach is a skill set not truly possessed by full-time forensic analysts or incident handlers. Only practitioners currently in and actively participating in the penetration testing industry possess the time-sensitive knowledge of the latest and greatest underground techniques and vulnerabilities that are applicable to your potential breach or ongoing investigation.

Forefront Skills
Areas such as system log evasion, antivirus evasion, and data exfiltration techniques are continuously evolving. Conventional incident response processes are purely reactive and based on delayed, usually public, intelligence on attacker operations. The moment techniques become public, they are discarded by adversaries (consider Mandiant’s APT1 report).


  Less Time, Less Cost

A significant return on investment (ROI) and cost savings can be achieved through IPT. A successful engagement can guide an on-site forensic team’s analysis and focus, saving significant costs to the organization. In-house or contracted forensic teams can take precious days or months to complete an investigation starting from ground zero by casting a wide net across a large chunk of enterprise assets. This approach starts with little initial direction as to the potential source and/or scale of the breach until a significant amount of analysis can be performed to guide the remainder of the investigation.

Different Objectives and Outcomes

An IPT assessment is vastly different from the conventional penetration assessment service also provided by Emerging Defense. IPT requires deep breach investigation experience, a streamlined process model, forensic soundness, different objectives, and a fast turnaround.
 

Asset Prioritization
Not all vulnerabilities and assets are tested. Only targets of high value and breach potential are evaluated by the penetration testing team. High-value determination is made through the use of:
  • Practitioner personnel breach and penetration experience
  • Threat profiling performed using proprietary intelligence-gathering systems

Trail of Bits
A 100% black box approach is used to identify potential “breach paths” by leading the engagement team along the same trail of bits known and available to a complete outsider.

Surgical Analysis
Analysis is performed to actively search for breach indications and deliver susceptibility ratings for discovered assets that could have been leveraged in the breach due to the possession of exploitable vulnerabilities.

Forensically Sound
Focused testing activities are performed in a manner that limits the destruction of related forensic data in the event that a breached component is identified as related to the investigation.

Accelerated Processes
Emerging Defense’s company-wide resources are leveraged to complete the assessment in record time in order to provide valuable data points to on-site or internal investigation personnel early in the investigation phase.

In the event IPT is performed proactively within a suspect or unconfirmed breach environment, the IPT process can be throttled and customized.

  Methodology

Emerging Defense follows a proprietary methodology to consistently deliver value in a controlled manner. The following is a high-level overview of the IPT methodology.

 

Phase I
Breach Profiling
  • Breach Intelligence
  • Known Vectors
  • Known Actors
Phase II
Environment Exploration
  • Black Box Reconnaissance
  • Asset Prioritization
Phase III
Exposure Identification
  • Manual Analysis
  • Indicator Analysis
Phase IV
Susceptibility Testing
  • Exploitability Testing (optional)
  • Susceptibility Testing
Phase V
Data Points & Reporting
  • Asset Susceptibility Ratings
  • Forensic Recommendations
  • Recovery Solutions
  • Strategic Solutions
 