Simulated or anonymized sensitive data is exfiltrated through various techniques in escalating levels of difficulty to detect, in order to identify gaps in SOC / IR team detection time, logging, and alerting.
The attack methodology closely models data exfiltration techniques used by real-world Threat Actors and Advanced Persistent Threats. Deliverables include a comprehensive breach analysis report of the attack scenario including the amount of data exfiltrated.
Custom developed non-malicious ransomware with a special kill-switch is deployed to scoped endpoints within your network to test SOC / IR response time, BC/DR plans and policies.
Phishing & Spearphishing
A range of purely custom developed phishing emails, with increasing user detection difficulty is devised through a co-operative effort between eVAL consultants and your internal leadership. Reporting with message open rates, form data user input, and opened attachments are provided to identify problem areas and the most successful phishing attack types within your business.