Are you safe?

Posted by: Orhan Sari Category: Threat Intelligence Tags: Post Date: November 3, 2017

Keepnet Labs can provide baseline security analysis of border protection devices such as AntiSpam, Anti-Virus, APT devices and SIEM, in order to harden their security configurations.

AntiSpam, Anti-Virus, SIEM and APT detection systems are more than plug-and-play systems: you have to update and reconfigure them against next-generation attack vectors. Keepnet tests your border protection devices with next-generation phishing and exploitation techniques, then lets you harden their security configurations. SOC/IR team workflows for “Phishing” and “Malware” cases can be easily integrated with Keepnet.

Workflow of security analysis

It’s easy to test systems such as AntiSpam, Anti-Virus and APT devices. We need just a valid credential and an SMTP server address to test your systems.

Just add your e-mail servers and any valid credential to replay scenarios. This module also tests your e-mail servers for vulnerabilities that are important and exploitable.

Attack Scenarios

Vulnerability and Misconfiguration Scan

This module tests your e-mail servers, anti-spam gateway, antivirus, etc. against 135 different known vulnerabilities and misconfigurations. Keep in mind that we are updating our signatures day by day …

Client-Side Attacks

One of the most harmful attack techniques is the client-side attack. Client-side attacks require user interaction, such as enticing users to click a link, open a document, or otherwise reach a malicious website. There are many different ways of using Keepnet Labs to perform client-side attacks and display the risks.

Header Manipulation

Attackers, spammers and other bad guys routinely use this technique, manipulating e-mail headers to attack clients or bypass security systems. This module shows you how your systems could be infected and tells you what your real risks are.

Let it test you …

  • Sending e-mail without SPF records
  • Sending e-mail without MX records
  • Sending e-mail without “Reverse DNS” records
  • Sending e-mail from an IP that is already blacklisted or has a low reputation
  • Domain squatting: we send you e-mail from domains similar to your own.
  • DNSBL test
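
The "did it reach the inbox" check for the SPF and domain-squatting cases above can be automated on the receiving side. The following is an added example, not Keepnet Labs code: it assumes your gateway stamps an Authentication-Results header on delivered mail, and the protected domain example.com, the function names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAINS = {"example.com"}  # assumption: the domain being protected
WEAK_SPF = {"none", "fail", "softfail", "neutral", "permerror", "temperror"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_message(raw, own_domains=OWN_DOMAINS):
    """Return the findings for one message that reached the test inbox."""
    msg = message_from_string(raw)
    findings = []
    # A missing header means the gateway recorded no SPF verdict at all.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "missing"
    if spf == "missing" or spf in WEAK_SPF:
        findings.append(f"delivered with spf={spf}")
    # Compare the visible From domain against each protected domain.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for own in sorted(own_domains):
        if sender != own and 0 < edit_distance(sender, own) <= 2:
            findings.append(f"lookalike of {own}: {sender}")
    return findings

# Constructed sample messages (not real traffic).
SAMPLES = [
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=partner.test\n"
    "From: Billing <billing@partner.test>\nSubject: invoice\n\nbody\n",
    "Authentication-Results: mx.example.com; spf=none smtp.mailfrom=examp1e.com\n"
    "From: IT <it@examp1e.com>\nSubject: reset\n\nbody\n",
    "From: HR <hr@example.com>\nSubject: policy\n\nbody\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit_message(raw) or "clean")
```

Any non-empty result for a message sitting in the inbox points at a gateway rule to tighten.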

Malicious Attachment

This module includes known and unknown (such as 0-day) malicious e-mails. Its main purpose is to send malicious e-mails (with attachments such as .pdf, .doc, .xls, .exe files, etc.) to your test account(s) and then check for them in your inbox (security analysis). If they reached your inbox, it means your security system has failed against them.

  • Example of a known Cryptolocker e-mail
  • Attachments with undetectable malware
  • MS Office files with malicious macros
  • Malicious PDF files

Data Loss Prevention Test

Data loss detection, and especially prevention, is of utmost importance nowadays. This module includes known credit card data examples, different types of username-password scenarios, etc. Additionally, you may create your own test scenarios.

SIEM Integration

We already log all activities on Keepnet Labs, and we also send them to your SIEM. This helps your SOC/IR teams take more effective action.

Active Response

Keepnet Labs helps you create Snort, Suricata and YARA rules, as well as rules for the most popular firewalls, to mitigate vulnerabilities and known phishing techniques. Please feel free to contact us with any questions you may have: contact@keepnetlabs.com