Raxis Red Team Services
“Everybody Has a Plan Until They Get Punched in the Face.”
-Mike Tyson
Red Teaming
A Game That You Always Win
The Raxis Red Team does not just test your defenses – we transform them. Whether we successfully breach your defenses or not, you gain critical insights to strengthen your security posture.
Email Phishing
We craft custom phishing campaigns tailored to your organization’s unique profile, ensuring maximum effectiveness and relevance. Our targeted approach allows us to focus on specific high-risk roles or conduct company-wide assessments, providing comprehensive insights into your cybersecurity awareness.
Physical Social Engineering
We’re experts at talking our way in, tailgating, and even circumventing digital locks to gain access to your network.
Telephone Social Engineering
Phones are increasingly being used to breach companies, and we will utilize similar tactics to assess the effectiveness of your security training.
Experience the Thrill of A Red Team
Red Team Operations Designed For You
Let’s Work Together
Many customers use our Red Team to test the effectiveness of their Blue Team. We’ll work closely with you to orchestrate a real world cyber attack to ensure everyone is ready when the real attack happens.
Real Vulnerability Exploitation
We’ll combine open source intelligence, dark web data, social engineering, our rock star pentesting team, and evasion techniques to safely test every aspect of your defense.
Safe, Blended Attacks
While our Red Team’s real-world cyber-attack is highly effective at finding gaps in your armor, we take precautions to ensure your systems and data remain safe during this controlled simulation.
Interface With Raxis One
Your interface to your Red Team engagement is through our online customer management portal, Raxis One. Securely communicate with your Red Team or download your comprehensive report.
Physical Security
In most of our Red Team assessments, physical security is deemed in scope to gain a full-inset view of every potential avenue of attack. We test physical security to ensure that intruders can’t gain access to your technology.
Experienced Professionals
Raxis’ Red Team brings decades of clandestine experience to bear against your defenses. Certifications include the OSCP, OSWE, C|EH, GPEN, and many others..
The Digital Shoplifter
Raxis Hack Stories
Our stories are based on real events encountered by Raxis engineers; however, some details have been altered or omitted to protect our customers’ identities.
In a daring demonstration of cybersecurity vulnerabilities, the Raxis Red Team orchestrated a multi-stage attack that exposed critical weaknesses in a major retailer’s digital infrastructure. The operation began with our team targeting the company’s wireless network using the powerful Aircrack-ng suite. This versatile toolkit allowed us to capture the network’s encryption key during a routine handshake process and swiftly crack it using Hashcat’s advanced capabilities.
With network access secured, we obtained local system access and then pivoted to internal systems using CrackMapExec, a potent post-exploitation tool. We discovered a system protected by nothing more than a default password—a digital equivalent of leaving the keys in the ignition. This oversight became our gateway, allowing us to gain local administrator privileges. Using CrackMapExec’s –sam option, we dumped the local SAM hashes, further expanding our access.
Like master locksmiths, we moved from system to system, leveraging our newly acquired local admin rights. Eventually, we obtained a prized domain administrator hash. Overnight, our dedicated team worked tirelessly, using Raxis’ Hashcat multi-GPU system to break this high-value credential. Returning the next day, we validated our newfound domain administrative access, cementing our control over the retailer’s entire digital domain.
The crown jewel of our operation was the discovery of the application and database containing store-branded gift cards and PINs, along with the ability to generate new ones at will. This find not only highlighted the potential for financial exploitation but also underscored the critical importance of robust, multi-layered cybersecurity measures in today’s retail landscape.
F.A.Q.
Frequently Asked Questions