A retail client that has been working closely with Mobius Binary over the last few years to mature their security posture through regular penetration testing requested Mobius Binary to perform a threat testing exercise. The intended goal of the project was to determine whether the client’s automated security controls are configured correctly and whether they would be effective in the event of an attack.
To perform a threat simulation that mimics the adversarial tactics and measures the effectiveness of the implemented security controls.
Mobius Binary utilised our Threat Simulation service, which includes the use of many open-source tools and scripts being executed against the target system. These tools emulated attacks based on the MITRE ATT&CK matrix which is commonly used as a foundation for the development of specific threat models and methodologies. At the end of the engagement, a detailed technical report was provided, which consisted of the results from the assessment, remediation steps where attacks were executed successfully, and an executive summary which could be shared with business stakeholders.
Additionally, a detailed debrief session was held with the client to present the findings to the primary stakeholders and to guide them through the results.
The outcome of this testing indicated that the defensive security measures implemented by the client prevented a majority of the attack vectors from being exploited. However, the small subset of attacks which were able to execute were noted as areas for improvement to continually bolster internal security controls.
As a result of this service offering, Mobius Binary was able to highlight the potential security risks as well as recommend remedial advice to improve the client’s security posture. Additionally, the client obtained evidence that supported and justified the cost and effort incurred to complete a recent defensive security project. Overall, the results clearly demonstrated how ongoing penetration testing efforts with Mobius Binary were yielding significant results in their cyber security maturity journey.