Service Overview
CYE’s Risk Assessment is a comprehensive, hands-on evaluation of an organization’s security risk from an attacker’s perspective. It provides a detailed picture of the current security posture, identifies exploitable weaknesses, and evaluates the effectiveness of existing mitigation measures, particularly in follow-up assessments where previously reported findings are re-tested.
Methodology
The assessment consists of the following phases:
External Reconnaissance
This phase focuses on collecting publicly available information that could be leveraged in an attack. Typical activities include:
Passive data gathering from public sources and social networks
Identification and enumeration of public IP ranges
Detection of publicly disclosed vulnerabilities affecting the organization (e.g., on hacker forums, IRC channels, and darknet platforms)
Identification and prioritization of information assets
Identification and prioritization of potential threat sources
Definition of the primary threat scenarios relevant to the organization
Internet Perimeter Breach
This phase simulates an external attack aiming to breach the organization’s internet perimeter. If the perimeter cannot be breached, an “assume breach” scenario is enacted: the team is granted access equivalent to a regular employee’s domain user account, representing the foothold an attacker would hold at a later stage of a typical attack lifecycle (for example, after a successful phishing campaign).
Typical activities include:
Identification of exposed IP addresses and interfaces
Scanning and enumeration of these interfaces to identify open ports and services
Vulnerability assessment of internet-accessible services
Evaluation of internet connectivity between internal network entities and external hosts (i.e., which internal systems can reach, or be reached from, the internet)
Internal Assessment and Lateral Movement
This phase begins with access to the internal network and focuses on additional reconnaissance to identify systems critical to the assessment’s objectives. A command-and-control (C2) infrastructure may be established to maintain persistent access. In some cases, compromising the Microsoft Active Directory domain is required; in others, critical assets may be accessible through alternative paths.
Typical activities include:
Scanning and enumeration of network segments and assets
Active Directory enumeration
Vulnerability assessment of servers and network equipment that could enable lateral movement
Exploitation of Active Directory misconfigurations to escalate privileges and move laterally
Attack Capability Phase
This phase involves executing a complete attack chain, demonstrating how a threat actor could compromise the organization’s critical business systems.
Typical activities include:
Cross-domain lateral movement
Gaining control of defined critical business assets (e.g., sensitive data, critical services)
Establishing domain-level persistence
Assessment Deliverables
Upon completion of the assessment:
All findings are documented in Hyver, CYE’s Continuous Threat Exposure Management (CTEM) platform
Attack paths from threat sources to critical assets are visualized on Hyver’s mitigation graph
The organization’s maturity level is assessed using the NIST Cybersecurity Framework, combining technical findings with organizational insights
These insights enable organizations to design and manage effective mitigation plans, including timeline definitions, ownership assignments, and resource planning (cost and effort).
Assessment Prerequisites
The following information is required prior to the assessment:
A list of organizational crown jewels, which will serve as the assessment’s target assets
Appropriate access based on the simulated threat scenario (e.g., domain user account and network-connected machine for insider scenarios)
A direct communication channel with a technical point of contact for real-time queries
Completion of a pre-assessment document, including scoping information, asset data, and other relevant information based on the environment and the unique scope of the engagement
Customer Engagement
The assessment begins with a planning session to identify critical business assets and define relevant attack scenarios.
A 1-2 hour scoping session with a customer representative is typically required
Weekly one-hour sessions with a network architect are recommended during the assessment to address technical questions related to the environment, assets, and users
Relevant Standards
The proprietary methodology is based on the following frameworks:
MITRE ATT&CK (adversary tactics and techniques)
NIST Cybersecurity Framework
CIS Critical Security Controls
Security Domains Covered
The assessment addresses the following security domains:
Cross-organizational policies, procedures, and governance
Security operations, monitoring, and incident response
Network-level security
Server, network equipment, and endpoint security
Application-level security
Sensitive data and information management
Identity management and remote access
