An attack is mounted on your ICT infrastructure. Let us be the first and only ones to succeed

In business, you encounter an immense variety of challenges every day. One of them is maintaining the security of your company assets – for physical objects as well as electronic assets. Industrial espionage, cyberattacks and targeted malware are just a few items on the long list of potential risks. Our attack simulation checks the resilience of your organization to cyberattacks from a holistic perspective.

Why conduct an attack simulation?

  • 01
    Conventional security reviews like penetration tests apply to a limited scope and are focused on the depth of analysis. Real attacks pay no attention to this kind of restriction. So our attack simulations are not restricted in scope either, which allows us to war game realistic attack scenarios according to a proactive approach. Not only does this put your infrastructure through its paces, it also tests your processes and employees in all areas.
  • 02
    Our attack scenarios reflect the specific requirements of your organization and workflows. They are prepared in collaboration with your internal specialists in order to identify realistic worst case scenarios for the individual environments. These scenarios need to be custom built for each company and may include access to research findings, payroll lists, impairments in industrial and control systems or other areas. Proceeding in this way ensures that critical scenarios are used to illuminate your organization during the attack simulation.
  • 03
    The attack simulation exposes your company to real attacks, all of which seek to cause the pre-defined worst case scenarios within a controlled environment. This gives you a clear impression of the risks to which your organization is currently exposed. Our security experts give you clear answers to the question of which areas require stronger protection and where existing systems are already sufficient from a risk perspective. Individual sets of measures can then be defined and implemented on this basis. Our cyber security assessment is one way of measurably identifying your current risk areas, without intervening in your infrastructure.

Our modules

Our attack simulation has a modular structure, in which the following elements can be combined.

External attack

Public accessibility of at least some IT systems is often unavoidable in modern organizations. This exposure makes the systems interesting for attackers, either as a way to directly access sensitive data or as the first step for penetrating the internal network. In this scenario, Redguard behaves like an external attacker attempting to penetrate your infrastructural systems that are available on the Internet. Our security experts apply known attack methods, as well as ones that are specifically tailored to your systems. Potentially sensitive data is extracted and analyzed if an attack succeeds. The attack seeks to penetrate your internal network areas as well.

Inside LAN

Lurking within your network, we simulate an attacker who has managed to access your internal network. We identify and actively utilize the vulnerabilities we encounter there. This may involve the use of exploits or techniques like redirecting network traffic, as well as technology-based social engineering (e.g. the creation of fake login screens). This scenario aims to discover what an attacker might potentially achieve as soon as he or she has penetrated your internal network, for instance using malware. As a result, we can provide well-founded statements on the security of your internal network in particular. It is also possible to simulate the damage potential associated with a failure in the perimeter security.

Malware infection

All important data or information will at some point be processed or read by someone. Most commonly this will take place on the employees’ client devices. This means that in many cases, attackers will not have to penetrate central servers. Instead it is sufficient if they gain access to suitable client devices to obtain the data they seek. This scenario simulates infection of a client with malware as a means of accessing sensitive data. The next step is to place the device in your internal network and to manipulate it via the Internet using the command & control channel (C2). Additionally, we attempt to transfer sensitive data out of the company, which enables an assessment of the installed data loss prevention (DLP) systems and the defense mechanisms such as intrusion detection and prevention systems (IDS/IPS).

Spear phishing

This module mounts tailored phishing attacks on individual persons or groups. It approaches the targeted persons in a deliberately relevant context in order to encourage them to disclose sensitive information, such as customer data or login details, or even to execute malware on their workstations. The findings of this module provide a clear impression of your current employee awareness and can also be used as a basis for relevant training or for evaluating technical measures. Last but not least, this external threat puts the perimeter security through its paces, and with it the responsible employees within your organization.

Physical access

Our company physically penetrates your business premises (without the use of force). In particular, this involves the use of social engineering. The underlying aim is to steal or at least copy sensitive information in hard copy (e.g. documents), as well as to position technical eavesdropping devices. This module addresses a large number of issues: firstly, the social engineering attack reviews the current awareness among your employees; secondly, it assesses the internal security measures such as active security systems and other technical mechanisms.