
Consulting :: Compromise Assessment
Let's get confident

Rapid Triage

 

Collecting system artefacts to enable quick lab analysis and correlation of behaviors and potentially existing threats.

​

We primarily look at the following:

  • System and user logs

  • Program execution

  • Process list

  • Network connections

  • Files and system timeline

  • Unknown files and malware

  • Memory anomalies (RAM)

​

The deliverable is a list of relevant findings and recommendations for next steps.

​

Linux/Unix and Windows collection software packages are available here.

​

 

 

 


Simple pricing

​

250 $ per system

Network threat assessment
 

Capturing network traffic (internal or internet) with protocol inspection and threat/anomaly detection with Sophos XG perimeter security.

 

This work requires a dedicated network security appliance for security filtering and threat detection, and a robust indexing server with high-integrity redundant storage.

​

We provide an all-inclusive, ready-to-go setup to inspect and monitor all the network traffic details.

​

The assessment runs over 10 consecutive days to gain visibility into many network usage contexts (days, nights, weekends, etc.).

​

The deliverables contain a list of relevant threat findings, detailed network metrics exported from our tools and a live debrief.

​


Simple pricing

 

20 000 $ per assessment

​

  + shipping/transport

  + professional services as req.

​

Compromise assessment report
 

A compromise assessment aims to provide an honest risk answer to a simple question: what is the probability that my organization is actually breached or compromised by some threat actor, and what would the potential impact be?

 

Reasons to justify this endeavour range from periodic threat hunting activities by the SOC team and executive or Board inquiries to compliance and insurance qualification audits.

​

The deliverable is a compromise assessment report which contains the details about the methodology, the scope of assessment, relevant risk findings, conclusions and recommendations.

​

 

 

 

 


Simple pricing

​

Standard consulting rate.

Let's get confident

​

A compromise assessment is a means of assessing the risk of your environment being actually breached or compromised by various threat actors.

​

The reasons to justify this endeavor range from periodic threat hunting activities by SOC teams and executive or Board inquiries to compliance and insurance qualification audits.

​

We will provide access to the network inspection consoles so that you can see what we see in real time.​

​

The rapid triage collection can be executed autonomously by your local team if you wish, with the results then provided to us.

​

Get in touch with us to determine how we can contribute to your success.

​

More information

HARDWARE

  • Servers:

    • We build our servers ourselves with low-noise, cost-effective and premium off-the-shelf parts.​

    • Highly multicore fast processors (8C/16T to 16C/32T);

    • Fast and voluminous memory kits (up to 256 Gb);

    • Enterprise-grade premium hard-drives models for maximum integrity and durability;

    • RAID high-integrity redundant storage and fault-tolerance (hardware on "Boss", software on "Junior");

    • Fast temporary/work storage (SSD or NVMe);

    • Large display included;​

    • "Junior" is a mini tower server in a water/dust-proof storage and transport container (single person lift);

    • "Boss" is a 4U server in a 6U rackmount water/dust-proof storage and transport container (2 person lift);

​​

  • Support equipment (when relevant)​

    • Mouse/keyboard;

    • USB write-blocker device;

    • Large quick transfer USB SSD drive;

    • Chain of custody documentation;

​

  • Network inspection:

    • We use Sophos-branded technologies as a confident corporate user and official reseller, namely the XGS line of appliances (XGS 2100 and above);

    • Network ingestion capacity of the indexing server is typically 1x 2.5 Gbps RJ45 copper interface ("Junior") or 1x 10GE SFP+ ("Boss"). Other configurations are available on request (4x 1 Gbps on "Junior", 4x 2.5 Gbps on "Boss");

    • Network security filtering capacity of the security appliance is typically 8x GE RJ45 copper interfaces (10GE SFP+ fiber available on request).

​

SUSTAINABILITY

  • Our deliverables are produced and sent in digital form to save trees, unless a printed copy is absolutely mandatory.

​

  • We print on recycled paper with organic inks.

​

  • Quality 80+ Gold efficiency power supplies or better in our servers and stations.

​

PRICING DETAILS

  • Our prices are expressed in USD;

​​

  • Our standard DFIR hourly rate will be communicated on demand. Get in touch with us to determine how we can help you.

​
