Simulating real-world attack scenarios, discovering and exploiting vulnerabilities to strengthen your organisation's security posture, and developing offensive security tools in-house.
Simulating real-world attack scenarios to identify and exploit vulnerabilities in your security posture, both cyber and physical.
Simulating a scenario where the attacker/insider is already inside your organisation to test your internal defences.
Emulating tactics, techniques, and procedures of specific adversaries to test your defences against real-world threats.
Discover and assess parts of your organisation's attack surface that you might not be aware of.
Testing your organisation's resilience to social engineering attacks through simulated phishing and other techniques.
We define objectives, gather tailored intelligence from sources like the dark web, industry trends, the Australian Government, Five Eyes partners, private sources and internal methodologies, and plan the attack strategy to deliver a realistic scenario.
We conduct attacks emulating adversaries, varied for each engagement and attack scenario. We usually focus on initial access, persistence, privilege escalation, lateral movement, and collection.
We analyse findings, document results in detailed reports, including execution logs, graphics, and timelines, and provide a comprehensive debrief.
We offer guidance on mitigating identified issues through threat hunting, user awareness training, and purple teaming, and share insights to strengthen security posture and drive organisational improvements.
Starknex was engaged by an Enterprise customer to carry out a red teaming engagement. Our objective was to test this organisation's defences by simulating an assumed breach scenario in which we had limited access to the corporate network as a "contractor" and badge access to their facilities, and to covertly exfiltrate target data without being detected.
During this red teaming engagement, our team went under the radar for a couple of months, blending in as everyday users and learning this client's systems, processes and culture. We successfully exfiltrated the sensitive data from a network we didn't originally have access to without being detected. Additionally, during internal reconnaissance, we discovered a misconfigured line-of-business app for identity management, through which we were able to elevate our privileges to Global Administrator on their Microsoft 365 tenant and take over this organisation's entire environment from the inside in a matter of weeks.
Before starting Starknex, our Founder & Director hacked into one of the largest tech companies in the world to uncover confidential information about upcoming hardware and software releases and everything about the company. He was just curious and wanted a job at this company.
More details will come out early next year about this so stay tuned!
Through persistent reconnaissance, he exploited a vulnerable portal to gain access to the internal network.
He obtained sensitive information, executed code, and maintained ongoing persistence. He accessed and exfiltrated sensitive information about current and upcoming services, software and hardware, including source code, schematics, customer data, and an autonomous vehicle project.
He had the keys to the entire company at this point. It took the company 2 years to discover the initial hack, and they attempted to mitigate it.
As this company blocked the initial hack, our founder was able to hack back into the network through [REDACTED] means and found documents about "security and network improvements", which were used against them.
That lasted for a few weeks, and eventually the FBI and Australian Federal Police raided his house.
Our approach to offensive security is what makes us different.
We are adversarial-focused: we think like a hacker and act like a hacker. We are the hackers.
That means being creative, solving complex problems, thinking outside the box and striving to complete our objectives.
Through our security research, we have built and engineered covert offensive security hardware and software, and developed custom tactics, techniques and procedures (TTPs) that an unknown Advanced Persistent Threat (APT) or a new threat actor from our threat intelligence would use in a real-world cyber attack. These are usually hard to detect, providing a more realistic threat actor approach in our cyber and physical offensive security engagements.
Starknex also runs red team vs blue team activities internally to "dogfood" our own offensive security tools, tactics and techniques in our own environment, facilities and networks before we use them on our clients, improving our own internal security in the process.
We're tight-lipped on some of our research and development ¯\_(ツ)_/¯
Explore our offensive security services and discover how we can help improve your security posture.