Abricto Security recommends APAE only for mature organizations with enhanced cyber capabilities. APAE is the granddaddy of security assessments. This engagement typically lasts for three to six months and assumes a nation-state level of targeted attacks. We first meet with senior leadership to establish clear target goals and objectives of the engagement.
Abricto Security gathers information on the target organizations, which we then use to identify the pathways of least resistance and greatest potential for success. Next, we execute our attack strategy and measure how the organization responds. We then compile a comprehensive report that documents all information gathered, tools and methods used, security controls observed and areas of opportunity.
Penetration testing is an excellent snapshot assessment, meaning it measures your organization’s security at a specific point in time. APAE takes measuring security to a whole new level by focusing attack efforts for an extended period of time, typically months. This allows the Abricto Security team to collect more intelligence on specific targets to launch a crafted campaign leveraging social engineering, phishing, trojan payloads, persistence techniques and more to compromise the organization. The goal is to emulate real-world threats targeting your organization to better prepare the organization for defending against state-sponsored cybercriminals.
Areas of Focus
- Publicly accessible information about the organization
- Social media profiles of targeted individuals
- Previously compromised credentials
- Prolonged social engineering
- Covert communications channels
- Data exfiltration
- Maintaining persistence
- Comprehensive data dump of all data obtained on the organization and targeted individuals.
- Executive summary report outlining business risks.
- Technical report detailing sources of information, social engineering attempts, call records and more.
- Video footage, aerial maps of targeted facilities and artifacts used for exploitation.
Abricto Security leverages social engineering, plus active and passive reconnaissance techniques to gather troves of information on the target organization.