We base our approach on different well-known frameworks:

We decided to mix them together to capitalize on the best parts of each one and be able to cover our client’s attack surface as effectively as possible.

To deliver the engagement, we apply the following methodology based on several years of experiences and “try & fail”:

• Kick-off meeting,

• Information gathering,

• Identification of possible entry points,

• Manual & Automated tests,

• Attempts to break in,

• Perform lateral movements,

• Report the findings,

• Optional retest.

We can perform engagements in 3 different modes :

• Black box: we don’t have any information in advance about the targets in scope, except the targets’ address or domain names,
• Grey box: the client gives us minimum information to begin the engagement. Then, they can supply more information on-demand in order to go deeper and not remain blocked on a specific point,
• White box: the source code, full configuration information, architecture documents, etc. are available.

The main difficulty is to find the right balance between allocated time and information availability. The objective is to be as close as possible to a real attack, but in a limited amount of time,

despite a real attacker would have several months for the reconnaissance phase. This is why we recommend a grey / white box approach to improve the return on investment for the client.

The mindset of the team is to be fully transparent with the client by delivering a high-quality report composed of:

• A high-level executive summary where we move the vulnerability from a technical context into a business context to make management understand what the consequences in case of exploitation are,
• A technical section where vulnerabilities per domain are sorted by remediation order. To sort them, we use specific and easily understandable criteria, that take the business/technical context into account
• All scripts, command lines, software etc. used to uncover the vulnerability are described in the report, in case the client wants to replay himself the attack,
• A high-level conclusion in which we give our opinion and recommendations about the security of the targets in scope.

Several added values can be identified with this type of engagement. Amongst others:

• Giving your team members real experience in dealing with a security breach,
• Uncovering security aspects that are lacking from a technological or process point of view,
• Uncovering the most-at-risk routes to your sensitive assets.

As trust and proximity are strongly linked together, our team can support you with a high availability all around Switzerland. We can also ensure management proximity, as ELCA Security is a real Swiss and independent actor.

Cybersecurity is an investment on a long-term perspective to anticipate future potential cyber-attacks and limit their impacts on daily business.

For most companies, it is not justified to invest substantial amounts in this domain. This is why ELCASecurity proposes several discovery assessments to allow you to make a first step into the Cybersecurity world.

These types of engagements are focused on SMEs, as they are missing resources in this domain. We can cover several advisory domains: