Adversary simulation exercise: when real-life meet business

This article is a short story telling about one adversary simulation exercise POST CyberForce Offensive Security performed.

Article by ICT Experts (POST Luxembourg)

What’s an adversary simulation?

Unlike standard penetration test usually targeting one specific solution, application, or network; an adversary simulation exercise is more oriented on realistic approach where only objectives (flags) and out-of-scope scenarios are defined. It means that we are allowed, as attacker, to employ any attack vector that seems promising to reach our goal, as for example phishing attack, physical attack or/and internet exposed asset attack, if the customers agreed with such scenarios.

[…]

Introduction

Attack preparation

Attack execution

Read the full article HERE