Forestall
FORESTALL – ACTIVE DIRECTORY ASSESSMENT AND SECURITY
Forestall is focused on adversarial tactics on Active Directory. With this motivation, we are developing a multi-staged platform that comprises proactive and reactive countermeasures for emerging Active Directory threats. We also share our deep technical knowledge with customers through unmatched services.
Secure your digital future with Forestall.
Forestall offers a wide range of services and products for building APT-resilient infrastructures.
Solutions for every business need.
Active Directory Security Assessment
The ADSA service can reveal configuration weaknesses and lateral movement and privilege escalation paths before attackers do. In this way you can prevent and detect common Active Directory attack vectors while building a more resilient environment.
Essential Target for Adversaries.
Active Directory is a key component for corporations, and nearly all threat actors and APT groups target AD to gain access to a company's crown jewels. For example, APT29 and APT32 use the pass-the-ticket method for lateral movement. The APT34 (OilRig) group uses the Outlook Homepage feature to breach the external perimeter. With this service you can prevent or detect these kinds of attacks and build a resilient Active Directory environment.
The ADSA Service Comprises:
• Privilege Escalation/Lateral Movement Attack Path Analysis
• Domain Controller Auditing
• Domain Computer (Client/Server) Auditing
• Privileged Access Workstation Auditing
• Exchange Server Auditing
• Privileged User/Group Auditing
• Password Auditing
• Delegation / Access Control List Auditing
• Local Admin / User Auditing
• Active Directory Administrative Tier Model Analysis
• Active Directory Logging Auditing
• Active Directory Compromise Assessment
Adversary Simulation
Adversary Simulation is the process of using tactics, techniques, and procedures (TTPs) to emulate real-world threats with the goals of training and measuring the effectiveness of people, processes, and technology used to defend their environment.
What if FIN7 breaches our network?
Luckily, we have the answer. Forestall uses objective-based, adversary-centric methods to assess corporations' detection capabilities. With these simulations, we can reveal the effectiveness of your security products and the blue team's incident response capabilities based on MTTD/MTTR/Dwell Time metrics. Within the scope of the service, methods developed by both APT groups and the Forestall team are used, and all methods are reported according to the MITRE ATT&CK matrix.
Adversary Simulation vs Penetration Testing
Unlike penetration tests, the Adversary Simulation service reveals not only the vulnerabilities of the organization but also the effectiveness of the detection and response processes, the technologies, and the teams that perform these processes. For this reason, our team focuses on achieving scenario-based objectives, not on revealing all vulnerabilities in the IT infrastructure.
You can only fight the way you practice.
These simulations also give blue teams the experience of encountering a real adversary, and thus develop the reflexes the team will use during a real incident.