Saudi

Arabia



Hunnic Cyber has partnered with Fiduciam Global to provide cyber security services to Banking, Oil & Gas, Telecoms, and Chemical & Manufacturing companies within The Kingdom of Saudi Arabia.

Hunnic Cyber is an ISO 9001, ISO 27001 and Cyber Essentials accredited security consultancy headquartered in London.

We possess specialist experience in performing complex Adversary Simulation and Advanced Intrusion Testing (AIT) exercises, alongside providing world class SAMA & NIST aligned Cyber Defence Services.



View Capabilities

Cyber Defence

Capabilities

Adversary Simulation

Red Teaming delivered with custom implants & tooling, and Traditional System Focused Penetration Testing comprising of application, infrastructure, WiFi and SCADA testing.

Security Architecture

NIST & SAMA aligned gap assessments to establish a baseline describing both controls coverage & maturity scores for operation of these capabilities.

Enterprise IT Governance

Monitor & Report organizational goals. Business engagement, requirements management & standards & guidelines.



Cyber Defence Design

Design, implement and develop SOC capabilities on Technology, Process and People layers.

Incident Response

Coordinate global high-priority incident response. Share intelligence information and maintain links with organizations that can contribute to the effectiveness and value of the Cyber Defense (SOC) .

Vendor Management

Evaluate, select and certify new Security Vendors. Recruit, Supervise, Coach, Motivate, Appraise and Develop a Global Team. Coordinate relations with counterpart departments.

Adversary Simulation

Methodology

image

1. Reconnaissance

During the first phase, extensive Reconnaissance is conducted against your organisation - your internet footprint, social media, and external services are assessed.

2. Exploitation & Persistence

Command & Control infrastructure is built, custom malware is authored and then three rounds of phishing - Pre, Bulk, and Spear - take place. Persistence is achieved via Registry, WMI, VPN or Scheduled Tasks.

3. Privilege Escalation

Once persistence has been achieved Active Directory enumeration is conducted, workstation patch levels & configurations are assessed, and network shares are enumerated.

4. Lateral Movement

Employing the TTPs of known threat actors, and using tools such as Rubeus, SharpHound, SharpSniper, & Mimikatz, the lateral movement phase continues until we have reached our target.

5. Operational Impact

At the end of the engagement we provide a detailed report, live presentation, and outline the technical risk to your cyber engineering team, and your senior management team translating our findings in business risk.

Threat Emulation

Sophistication

1. FIVE EYES – (GCHQ, NSA)

Supply chain attacks, undersea cable interception, quantum computing

  • 3. CYBER CRIMINAL GROUPS
  • Mass scale automated scanning and exploitation, bulk phishing, Credential harvesting

  • 5. HACKTIVISTS
  • Social media, phishing, low competency

    2. MID-LEVEL NATION STATE

    Custom implants & toolkits, polymorphic malware, exotic c2 protocols, SPEAR phishing

  • 4. HACKERS
  • Opportunistic, Application and Infrastructure focused, public exploits

  • 6. SCRIPT KIDDIES
  • Use of scripts, third-party tools solely, extremely limited sophistication

    image

    Your Security Controls

    Assessed

    Hunnic Cyber - Application Testing

    Perimeter Controls

    • Employee Security Awareness and Phishing resilience
    • Email Filtering
    • Email Anti-Spoofing Mechanisms
    • DNS Filtering
    • Web (HTTP / HTTPS) Filtering
    • Network Filtering
    Hunnic Cyber - Adversary Simulation

    Internal Controls

    • Malicious Network Activity Detection
    • Monitoring and Incident Response
    • Protection of Privileged Accounts - Domain Administrators
    • Protection of Privileged Accounts Protection of Service Accounts
    • Domain Security Policy
    • Data Loss Prevention
    • Patch Management Policy
    • Weak Password Policy
    • Network Segregation
    Hunnic Cyber - Tooling

    Workstation Controls

    • Workstation Hardening
    • Antivirus / Anti-Malware
    • Application Whitelisting
    • Protection of Privileged Accounts - Local Administrators
    • Application Security Settings
    • Employee Laptop Protection

    Cyber Defence

    Overview




    image

    Cyber Defense (SOC)

    Cyber Defense integrates all the people, process and technology aspects that are required for an effective cyber security incident handling capability. Its mission is to provide early detection and rapid response capability for cyber security incidents therefore minimizing their business impact.

    We can provide advisory to both public & private enterprise organizations, governments, and military.




    Incident Response Managment

    Mitigation of a cyber security incident follows a well-defined path of actions which can be represented via the Incident Response Chain.

    Cyber Defense focuses on to establish, maintain and continuously develop the organizational capability of executing these steps in the most effective manner.

    We can work with you to enchance and develop your Incident Response capabilities, or to manage them on your behalf.

    image

    Fiduciam Global

    References

    Selected Hunnic

    Reference

    I worked with Hunnic Cyber for a red teaming exercise and an external penetration testing. We have been fully satisfied in both cases....

    ....We change providers every year and as a result experienced a lot of penetration testing teams, clearly Hunnic Cyber demonstrate one of the greatest technical ability....

    ....I can only recommend them if you really want to test and find out where your security need to be improved.

    Antoine Fabry - CISO at Banque Havilland S.A, Luxembourg

    Schedule a

    Call

    NVD CVE Feed

    Hunnic Cyber - ISO 9001 Hunnic Cyber - ISO 27001 Hunnic Cyber - Cyber Essentials