24Hack Express

The 24Hack Express Service emulates opportunistic attack scenarios. The purpose of the activity is to demonstrate whether and how a Threat Actor can harm the corporate business and thus to verify whether the corporate security strategy is effective in thwarting a state-of-the-art cyber attack.
Unlike the other testing services: Penetration Test, Application Penetration Test, Vulnerability Assessment, Red Team Exercise, the Service does not aim to provide complete and detailed information on the security status of all assets, but to identify and exploit the fastest way to compromise the corporate perimeter and achieve critical objectives in a well-defined time frame 24 hours.

Overview

In the context of 24Hack Express, scope of activities, objective and carriers are defined

An opportunistic attack is an operation that is not targeted toward a specific reality and does not require special investment/resources to be put into practice.
Belonging to the category of opportunistic attacks are all those attacks that are not targeted toward a specific reality and do not require particular investment/resources to be put into practice.
This type of attacks is often practiced by Threat Actors whose main purpose is to extort money from organizations.
The most common consequences of this type of attack can be: exfiltration of data (data leak), encryption of files for ransom (ransomware), establishment of a persistent channel to intercept financial/operational information of the company (APT).

The scenarios that the Service considers are:

  • Unfaithful employee who uses his technical capabilities to do harm to the organization (exfiltrate data, compromise systems) or who in turn allows an external Threat Actor to exploit his device as an attack vector (bridge);
  • Compromising a workstation through a phishing campaign or malicious file operated without the employee’s explicit consent;
  • Use of illegally obtained corporate access credentials;
  • Exploitation of a critical vulnerability, allowing access to the corporate perimeter;
  • Supply chain compromise (ex. VPN site-to-site with partner or supplier).

In the context of the 24Hack Express, perimeter of activities, objective (as deep and extensive compromise of systems as possible) and vectors (starting point of the scenarios to be emulated) are defined.

Frequent use cases

Of a computer system lacking objective evaluation.

Of an opportunistic cyber attack in a single day of operation.

Of the exploitability of vulnerabilities present in a specific perimeter.

Of response to an opportunistic cyber attack.

Of the company in case a given scenario occurs

Of a third-party managed detection and response (MDR) service.

The advantages of 24Hack Express
1
Effective security
We test the organization in a real-life, opportunistic attack scenario within a well-defined 24-hour time frame.
2
Objectivity
We assess the level of IT security for further analysis as well as the organization’s ability to respond to an opportunistic cyber attack.
3
Operational continuity
We reduce the risk of a loss of data, financial or reputational damage.
CONTACTS

We are ready to listen to you. Write to us, we are at your disposal.