Case Studies

Enterprise, Governmental

  • Open Source Intel
  • Insider Threat
  • Web Penetration Testing

Customer Requirements:

Due to geopolitical changes and their potential ramifications for cybersecurity, a governmental organization sought to test how deeply an advanced persistent attacker could penetrate its ecosystem, both as an outside external hacker and as an insider threat. (AUG 2020)

OP Innovate planned an OSINT campaign to gather information as the reconnaissance phase prior to launching an attack on the customer’s assets. This would be followed by penetration testing of the internet-facing assets, and then by identification of the most advanced attack (in terms of exploitability and impact) that an insider threat could execute.

OP Innovate’s Red Team began researching the target organization and gathering information on its business purpose, personnel, technology platforms, employees who could potentially affect it, and other in-scope components.

The Red Team collected many leaked user credentials found in third-party breaches. The team then conducted a social engineering and spear-phishing campaign, tricked a user, and gained control of their local, domain-connected machine. After installing a network scanner and gaining admin privileges on many of the organization’s assets and machines, the team took control of a web developer’s workstation, which enabled it to move laterally as admin to the websites and gain admin privileges on 80% of the organization’s web assets.

The organization has patched and mitigated the Red Team’s findings with the help of the researchers’ recommendations. The organization’s resilience to the ever-present threat of cyber attack has been increased, and a long-term defense plan has been established.

Finance, Insurance

  • Incident Response
  • Vuln. Assessment
  • Open Source Intel
  • Negotiation Team

Customer Requirements:
Ransom demand to a financial company (Dec 2019)

Late Thursday night, a call was received from the CISO of a large financial services company with a market value of over a billion dollars. He stated that he’d received a ransom demand threatening to leak privileged internal corporate information unless $1 million was paid within 48 hours.
As an Incident Response Team, we packed our unique ‘jump bag’ and rushed to the company headquarters. Our Intelligence & Negotiation Team discovered that the attacker had advertised the privileged internal information “for sale” on dark web forums. To show just how serious they were, the attackers included a customer’s private account balance, a value updated in the internal CRM just a day prior. The Team initiated contact with the attackers.
OP Innovate’s Incident Response Manager realized that the attackers might have a real-time foothold in the company’s systems, so the Team began searching for indicators of the attackers’ persistence. They also sought to minimize exposed systems and recover normal business operations.
Eventually, the organization’s CEO announced that the incident had been a top-secret drill prepared by the company’s Board of Directors. The simulation was critical to demonstrating that the organization’s IT team could handle a serious incident, with potentially far-reaching consequences for the organization’s reputation, under the pressures of a crisis situation.

Enterprise

  • Strategic Planning
  • Incident Response
  • Data Forensics
  • Data Analysis 

Customer Requirements:
Data Forensics & Incident Response (DFIR) lab

As strategic planners and analysts, we were engaged to design a DFIR lab to complement the Security Operations Center (SOC) of a global enterprise Managed Detection and Response (MDR) services provider. By mapping out and analyzing the processes and activities that accompany an ongoing cyber incident targeting an enterprise, as well as the artifacts and response that characterize the aftermath, we were able to identify the procedures and tools required for effective real-world incident handling and payload analysis, regardless of the type of attack.

Finance

  • Incident Response
  • Vuln. Assessment
  • Open Source Intel
  • Crypto Currency

Customer Requirements:
A cryptocurrency exchange was hacked. Assets worth millions were stolen.

As an Incident Response team, we packed our “jump bag”, identified the attack vector, contained the attack, and recovered more than half of the stolen assets. In phase two, we conducted a quick and intensive vulnerability assessment to prepare for a second wave of attacks.

Finance, Banking

  • Penetration Test
  • Vuln. Assessment
  • Open Source Intel

Customer Requirements:
A global credit card company wished to map the potential vulnerabilities of their internet-facing infrastructure, as well as the breadcrumbs available in the wild.

As pen-testers and intelligence specialists, we launched our intelligence framework and mapped out the company’s assets. We then triaged and launched our automated and manual crawlers to fish out as many details as were available over the clear, deep and dark web. After correlating these with credential leaks, we were ready to launch our pen-test framework, exposing the customer’s vulnerability and carefully exploiting it to prove the advantage gained and the potential impact.

Paramilitary

  • Incident Response
  • Open Source Intel
  • Radio Frequency
  • WiFi

Customer Requirements:
A paramilitary company was warned that its sensitive data was being sold on the deep web. The leak was traced back to their WiFi.

As an Incident Response team, we first mapped the damage in an effort to contain it, then launched two parallel defense vectors. One was an intelligence effort to identify the leaker, the assets leaked, etc. The second was an RF effort to try to get our hands on the leaking device.

Banking, Finance, Insurance, Military, Defense

  • Incident Response
  • Open Source Intel
  • Penetration Testing
  • Vuln. Assessment
  • Range Simulator

Customer Requirements:
A military-industry company sought to develop a cyber range platform and outsourced the composition of its adversarial stages.

As offensive specialists, we designed and developed an extensive series of end-to-end cyber campaigns for use in a cyber range. Each campaign presents students with an immersive experience that realistically and holistically challenges them across the progressive stages of the variety of threats and attack methodologies drawn from our real-world experience. Scenarios ranged from reconnaissance and data harvesting of the modeled topology, through exploitation of vulnerable assets, to full compromise of the victim network. In a world experiencing a significant shortfall in qualified security personnel, our schemes drill students by leveraging attack indicators, an automatic scoring module, and a theoretical background and exam.

Finance

  • Vuln. Assessment
  • Strategic Work Plan

Customer Requirements:
A US-based private equity company wished to map out their vulnerabilities and ramp up their information security posture.

As offensive specialists, we modelled the company’s threat profile and produced a number of proofs of concept demonstrating the exploitability of the vulnerabilities discovered. The results of the assessment were handed over to our defensive team, who translated them into a remediation and mitigation strategy, prioritized into a multi-phase work plan designed to fit the company’s resource availability and tolerance for organizational change.

Entertainment

  • Incident Response
  • Open Source Intel
  • Forensic Investigation

Customer Requirements:
A leading provider of video streaming services was hit by a brief distributed denial of service (DDoS) attack. More destructive attacks were threatened.

As Incident Responders, we focused initially on business continuity, deploying measures and configurations that would prevent a full-scale DDoS attack from causing damage. We followed up with an in-depth forensic investigation of the perpetrator, building a profile that provided enough information to contain and terminate the incident without paying the ransom.

Banking, Finance

  • Incident Response
  • Open Source Intel
  • Penetration Testing
  • Vuln. Assessment
  • Radio Frequency

Customer Requirements:
A bank in South America was tipped off regarding active surveillance being conducted from its offices and IT environment.

As Incident Responders, we launched two teams in parallel: IT and RF specialists. The IT team acted as penetration testers, mimicking a potential adversary to shed light on vulnerable assets. This team uncovered active but previously unknown privileged accounts at the company’s VoIP operator, as well as a potential compromise of the CCTV camera and DVR at the bank owner’s residence. The RF team scanned the offices for radiating devices that might be transmitting the recordings “back home”.

You can become a case study . . .
or you can get in front of the game