Intelligence – Led
Penetration Testing
An Intelligence-Led Penetration Test (Intel-led Pentest) closely mimics the tactics and techniques of sophisticated and persistent cyber attackers with the intention of compromising an organization’s critical systems.
This is performed by first collecting and analyzing threat intelligence relevant to an organization, to identify potential threats actors along with their tactics and techniques. The intelligence gathered is then used to perform an intelligence-led penetration test.
Why Intelligence Led Penetration Testing?
LGMS offers an Intel-led Pentest to provide assurance that your organization is resilient to cyber-attacks based on emerging and evolving threat scenarios.
Compared to a traditional penetration test, an Intel-led Pentest can provide a holistic view of your organization’s potential attack surfaces and the resilience of your defenses against cyber-attacks.
In addition, this will assist with compliance with Bank Negara Malaysia (BNM) Guidelines for Risk Management in Technology (RMiT), which requires an Intel-led Pentest to be conducted once annually.
Methodologies
Threat intelligence on the target organization is collected and analyzed from two key areas of interest (Targeting & Threat Intelligence). Both areas contribute to the development of threat scenarios.
Phase 1 - Targeting
LGMS will identify the organization’s potential attack surfaces.
Phase 2 - Threat Intelligence
LGMS will identify threat actors relevant to the organization and probable threats scenarios.
Phase 3 - Scenario Development
LGMS will develop threat scenarios to simulate cyber-attacks by relevant threat actors.
Penetration Testing
Based on the threat intelligence gathered and scenarios developed, LGMS will perform a penetration test with the use of manual and automated techniques to reflect extreme but plausible cyber-attack scenarios:
Assessment
Execution
Review
