Red Team (DORA/TIBER) exercises

Our Cyber team at KPMG Romania has performed a large variety of red teaming exercises for clients in different industries such as Telecom, Oil and Gas, Maritime transport and Finance/Banking. The intelligence-led security testing projects followed the guidance of frameworks such as TIBER-EU.

Over the years we have been involved in multiple threat simulation projects where we replicated real-world scenarios that mimic adversarial tactics, techniques and knowledge from MITRE ATT&CK®. Our scenarios are based on information gathered from public and private sources in the threat intelligence phase of the projects. During the attack scenarios we simulated APT groups by creating similar infrastructure and manually developing malware which imitates tools used by the respective threat actor.

We have designed and coded tools to fit the following goals:

  • Ransomware: custom ransomware tools to encrypt files on workstations. We have also developed quick fixes and recovery methods for the encryption algorithm.
  • Malicious browser extensions: custom browser extensions used to steal cookies/sessions or to perform phishing.
  • Insider threat: custom data exfiltration tools used to test the effectiveness of IDS/IPS.
  • Initial access stagers / Antivirus evasion: our team has a long history of creating tools which bypass popular AVs and grant remote access to major operating systems (Windows and Linux).

Our approach to security awareness training goes beyond mere compliance; we strive for long-term behavioral change by fostering a security-oriented organizational culture. Through engaging workshops, interactive sessions, and real-world scenarios, we provide your workforce with the expertise needed to recognize and mitigate cyber risks effectively.

We bring practical experience to the table since our team members have successfully conducted security awareness programs for diverse clients, ranging from small businesses to large enterprises. Our previous projects involved equipping employees, executives, and board members with the knowledge and skills necessary to safeguard sensitive information, prevent data breaches, and respond effectively to cyber threats.

We understand that security awareness is not a one-time event but an ongoing process. Our team will work collaboratively with your organization to create customized training modules, ensuring that your personnel remain vigilant and well-prepared in the ever-evolving cyber landscape. If you need further details or have specific requirements, don’t hesitate to reach out by using the contact form or our email address.

We understand that the needs of each of our clients are different, so we aim to develop most of the social engineering exercises manually. The scenarios and pretexts are designed in such a way that they fit even complex situations or exercises.

Our team can provide expertise on critical steps of the social engineering projects such as:

  • Scenarios:
    • Online: phishing (spear phishing or mass phishing attacks), phishing via SMS, CEO fraud attacks, deepfakes, malicious QR codes.
    • On site: physical penetration testing, wireless evil twin attacks, wardriving.
  • Pretext: The pretext is usually created to simulate a motivated attacker and focuses on replicating real-world scenarios or phishing campaigns seen “in the wild”.
  • Infrastructure: Our team members have developed infrastructure using Cloud services such as AWS, Azure or Google Cloud in order to simulate different real-world attack scenarios. It is also possible to create and host our infrastructure internally if privacy is a must or a concern for you.
  • OSINT: Gathering as much information as possible about a target or company from sources such as social media.