The objective of a compromise assessment is to identify whether an attacker is already in the organization’s network. Normal penetration testing assesses the current vulnerabilities of a server and has no chance of picking up a host that has already been compromised, unless the testers manage to access the system and perform a forensic study on the host.
The process for a compromise assessment is straightforward and simple, as below:
During the assessment, Firmus will perform the actions below:
- Any malware activity, ransomware activity, botnet packets, etc.
- Unknown active user accounts
- Changes to host configuration / additions
- Data exfiltration out of the network
- Processes that run during a certain period of time and stay dormant during peak hours
- Many more…
By performing these assessments, the organization can then further contain the affected network or host and perform incident response management before the malicious activity spreads throughout the network.