ADVERSARIAL SIMULATION

White Oak’s Security Testing provides an in-depth test of your mission-critical systems with highly detailed results – allowing you better understanding of your risk and your compliance issues

Adversarial Simulation is a term that takes into consideration a number of security testing approaches that go beyond standard penetration testing.  Red Team exercises, Social Engineering, and Threat Emulation can all shine a light on threats and risks that may not be identified through a single, asset-focused process.

By incorporating process, training, technical testing, and people into the mix, White Oak can provide insight into not only issues that may affect an application or your infrastructure, but also gaps in the overall security environment - including defensive tools, monitoring, and gaps in training (or the need to repeat training). 

Red team tone2.png

Red Team

White Oak Security's Red Team Service is an adaptive threat actor emulation on networks and host systems as identified by the client.

Our approach will combine elements of penetration testing with social engineering to evaluate the organization’s ability to detect and respond to advanced adversaries.  Our methodology differs from a standard penetration test by incorporating many tactics, techniques and procedures that are out of scope for a penetration test. 

While all Red Team exercises are highly defined with and by our clients, during the course of the engagement our team may leverage phishing, simulated malware payloads, physical attacks, “dumpster diving,” social engineering, and more... 


Social engineering tone2.png

Social Engineering

Regardless of the technological or physical security measures you implement, the strength of your environment and organization comes down to the training, awareness, diligence, and honesty of your organization’s trusted employees, contractors, and vendors.

White Oak Security will work with your organization to identify areas of concern.  We perform target identification and information gathering, followed with persuasion and deception techniques in an attempt to gain access to sensitive information or systems. These efforts identify gaps in training or areas in which existing training needs to be altered or re-emphasized.  We will work with you to build a training approach (and deliver that training if desired) that will provide your employees the information, habits, and process that they need to combat these social engineering techniques.


Consulting tone2.png

Threat Emulation

Our Threat Emulation service can also be called a 'Purple Team' exercise.  The goal is to perform in-depth penetration testing in a step-by-step manner while actively working with our client's SOC and security team to both find vulnerabilities and test their defensive and detective capabilities.

Are your detective controls working as they should?  If not - how do we get them tuned properly?

Does your response process work effectively to active threats?  How can it be made more effective?

Is training properly preparing the team to respond?  What can be added or modified to make that training more impactful?

Today's companies invest a great deal of time and effort (and money) in security controls and security training - are those investments paying off and how can they be maximized?


FORWEBThreat Hunting-tone2.png

Threat Hunting

White Oak’s Threat Hunting service is focused on identifying potential threats that are already resident in your environment.  While potential existing threats are often identified during other testing activities (such as penetration testing) those efforts are primarily focused on identifying vulnerabilities that might be utilized to attack our clients’ systems and applications.

Threat Hunting follows a structured process that focuses on threats that may have already utilized an existing attack vector to compromise an environment.  White Oak’s process takes your concerns and goals and drives our efforts to gather and analyze data to determine if those threats are present and active.