SyCom’s RedSpy365 Continuous Penetration Testing solution provides real-time Security Gap Surveillance.
We provide 24/7/365 penetration testing via a hybrid of skilled operators and automated bot net technology. We use the latest best of breed tools from the open source community and commercial arena. We enable them to talk together via a common language which provides the best of machine repetition and human interpretation to provide actionable security based upon adversarial exploits, vulnerabilities, tactics, techniques and procedures. We provide deconfliction and advanced attack vector detection giving actionable intelligence 24/7/365.
24/7/365 advanced phishing
24/7/365 external static infrastructure attacks
24/7/365 advanced internal attacks
Client portal with findings and remediation
SIEM deconfliction and honeypot integration
Auto Phishing AttackThis is an auto phish using malware. It sends to user, user runs malware and triggers reverse shell back to portal. We could then trigger post exploitation bots automatically.
Auto Phish PasswordThis is an auto phish password. Here we run it manually to show you, but this CAN be automated. It tricks the user into giving their password away and then automatically passes it to another bot to try and login.
Direct AttackThis is a direct attack on a victim. We know the vulnerability to be used and the IP address.
Phish SimulationSimulations allow an admin to assign the client the ability to run attack simulations. Here, an admin creates a credential email phish simulation.
All simulation videos created by SyCom Senior Security Engineer, Darren Manners.
An auto email phish is sent and checks pastebin to see if it has been part of a dump before - indicating it was compromised before.
Auto Exploit Attack
An auto attack on a new found IP address. The system finds it, triggers a vulnerability scan, then triggers an exploit bot.
Auto Bot Creation
The portal will scan, detect a new device, trigger a vulnerability scan, parse scan and create bots (placed on hold) ready for analyst to edit and trigger.
"I find the continuous pen testing to be extremely valuable when determining where the weaknesses are in our network, and in our training."
A Virginia College