🛡️ Sherlocked Security – Red-Team-Lite (Adversary Emulation)
When You’re Not Ready for Full Red Team – But Ready to Be Tested
📄 1. Statement of Work (SOW)
Service Name: Red-Team-Lite – Adversary Emulation
Client Type: Mid to Large Enterprises, BFSI, FinTech, Tech Startups
Service Model: Hybrid Threat Simulation (External + Internal + Social)
Compliance Coverage: MITRE ATT&CK Mapping, NIST 800-53, ISO 27001, RBI, CERT-IN
Testing Types:
- Initial Access Vector Simulation
- Phishing & Payload Delivery
- Credential Harvesting & Lateral Movement
- Endpoint & Network Evasion Techniques
- Privilege Escalation & Targeted Goal Emulation
- Threat Actor TTP Emulation (APT, Crimeware, Insider)
🧠 2. Our Approach
🎯 Simulate. Adapt. Assess Defenses.
[Recon & Setup] → [Initial Access] → [Execution & Persistence] → [Lateral Movement] → [Objective Execution] → [Detection Analysis] → [Debrief & Report]
🧪 3. Methodology (with Visual)
[Initial Meeting] → [Threat Actor Selection] → [TTP Planning] → [Access Simulation] → [Attack Path Execution] → [Impact Measurement] → [Detection Review] → [Reporting + Purple Debrief]
📦 4. Deliverables to the Client
- 🧾 Red-Team-Lite Report with MITRE Mapping
- 🎯 Emulated Attack Objectives & Kill Chain
- 🧰 Access Vectors, Credentials Used, Movement Logs
- 📈 Detection Matrix (What Was & Wasn’t Detected)
- 🛡️ Blue Team Readiness Feedback
- 🧠 Purple Team Debrief Session (Optional)
- 🏆 Adversary Emulation Scorecard
- 🔁 Fix Recommendations + Optional Retest
🤝 5. What We Need from You (Client Requirements)
- ✅ Scope agreement & NDA
- ✅ Asset inventory (IP ranges, user base)
- ✅ Threat actor type selection (APT, Insider, etc.)
- ✅ Security stack overview (EDR, SIEM, NDR)
- ✅ Contact point for deconfliction
- ✅ Optional – Blue team separation (for stealth assessment)
🧰 6. Tools & Technology Stack
- 🛠️ C2: Cobalt Strike (licensed), Brute Ratel, Mythic
- ⚙️ Delivery: Gophish, Custom Loaders
- 💡 Execution: LOLBAS, PowerShell, MSBuild
- 🛰️ Lateral Movement: PsExec, WMI, RDP
- 🕵️ AV/EDR Evasion: Obfuscation, DLL sideloading
- 📊 SIEM Detection Benchmarking
🚀 7. Engagement Lifecycle (Lead → Closure)
1. Scoping & Threat Actor Selection → 2. Recon & Access Setup → 3. Campaign Execution → 4. Lateral Movement + Privilege Escalation → 5. Goal Simulation → 6. Logging & Detection Review → 7. Purple Debrief → 8. Report Submission
🌟 8. Why Sherlocked Security? (Our USP)
| Feature | Sherlocked Advantage |
|---|---|
| 🧠 Real TTP Emulation | Based on MITRE ATT&CK & real threat actor data |
| 🔎 Purple Team Collaboration | Debrief with SOC for detection maturity |
| ⚖️ Controlled Intrusion | Risks managed for business continuity |
| 🛠️ Customizable Attack Paths | Choose APT, Ransomware, or Insider scenarios |
| 📈 Measurable Outcomes | Mapped kill chain, impact timeline, detection success |
📚 9. Real-World Case Studies
🕶️ Insider Threat Simulation
Entry Vector: Compromised VPN credentials
Action: Access to SharePoint, lateral move to R&D share
Impact: Downloaded PII & source code samples
Fix: Conditional access rules, SOC alerting enhancement
💣 Ransomware TTP Emulation
TTP Used: Trickbot > Cobalt Strike > File encryption
Target: Finance and HR folders
Outcome: AV evasion successful, partial detection in SIEM
Fix: Hardened EDR policy, improved lateral movement alerts
🛡️ 10. SOP – Standard Operating Procedure
- Scope & NDA
- Threat actor profile & goals
- Recon & access setup
- Payload development
- Initial access & privilege testing
- Lateral movement & goal simulation
- Kill chain mapping & impact
- Purple team review + report
📋 11. Sample Red-Team-Lite Checklist (Preview)
- Define threat actor profile and objectives.
- Conduct open-source intelligence (OSINT).
- Gain initial access through phishing/exploits.
- Establish C2 channels using evasive techniques.
- Enumerate internal network and assets.
- Move laterally and escalate privileges.
- Simulate data exfiltration.
- Evade detection and monitoring systems.
- Record all activities and time-to-detection.
- Debrief and provide actionable blue-team feedback.
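The Detection Matrix and Adversary Emulation Scorecard listed under Deliverables, and the checklist item "Record all activities and time-to-detection", come down to one join: each emulated technique is matched against the earliest SIEM alert that fired for it, and the gap between the two timestamps is the time-to-detection. The script below is an added illustration of that join, not Sherlocked Security's tooling. Both logs are constructed samples, the ATT&CK technique IDs are real but chosen only for illustration, and the 60-minute SLA used to separate "detected" from "late" is an assumed value.

```python
"""Detection matrix and time-to-detection from a red-team activity log and a SIEM alert export.

Added example, not the service's own tooling. Both logs are constructed samples;
technique IDs are MITRE ATT&CK IDs used purely to label the rows.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from typing import Optional

# Constructed red-team activity log: (start time, ATT&CK technique, what the operator did)
RED_TEAM_LOG = [
    ("2024-03-01T09:00:00", "T1566.001", "Spearphishing attachment delivered"),
    ("2024-03-01T09:12:00", "T1059.001", "PowerShell stager executed"),
    ("2024-03-01T09:30:00", "T1021.002", "SMB/PsExec lateral move to file server"),
    ("2024-03-01T10:05:00", "T1048",     "Simulated exfiltration over HTTPS"),
]

# Constructed SIEM alert export: (alert time, technique the rule is tagged with, alert name)
SIEM_ALERTS = [
    ("2024-03-01T09:14:30", "T1059.001", "Suspicious encoded PowerShell"),
    ("2024-03-01T09:02:00", "T1566.001", "Attachment sandbox verdict: malicious"),
    ("2024-03-01T11:00:00", "T1021.002", "Lateral movement: admin share access"),
]


@dataclass
class MatrixRow:
    technique: str
    action: str
    status: str                   # "detected" (within SLA), "late" (after SLA) or "missed"
    ttd_minutes: Optional[float]  # time-to-detection; None when nothing fired
    alert: Optional[str]          # name of the earliest attributable alert


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def build_detection_matrix(red_log, alerts, sla_minutes: float = 60.0):
    """One row per emulated technique: was it seen, how fast, and by which rule."""
    rows = []
    for started, technique, action in red_log:
        t0 = _ts(started)
        # Only alerts raised at or after the activity can be attributed to it;
        # the earliest one defines time-to-detection.
        matches = sorted(
            (_ts(at), name) for at, tech, name in alerts if tech == technique and _ts(at) >= t0
        )
        if not matches:
            rows.append(MatrixRow(technique, action, "missed", None, None))
            continue
        seen, name = matches[0]
        ttd = (seen - t0).total_seconds() / 60
        status = "detected" if ttd <= sla_minutes else "late"
        rows.append(MatrixRow(technique, action, status, ttd, name))
    return rows


def scorecard(rows):
    """Aggregate figures for the emulation scorecard: coverage, timeliness, gaps."""
    detected = [r for r in rows if r.status != "missed"]
    return {
        "techniques": len(rows),
        "detected": len(detected),
        "on_time": sum(1 for r in rows if r.status == "detected"),
        "missed": [r.technique for r in rows if r.status == "missed"],
        "detection_rate": round(len(detected) / len(rows), 2) if rows else 0.0,
        "median_ttd_minutes": median(r.ttd_minutes for r in detected) if detected else None,
    }


def format_matrix(rows) -> str:
    """Plain-text rendering of the matrix for the report appendix."""
    lines = ["Technique  | Status   | TTD (min) | Action"]
    for r in rows:
        ttd = f"{r.ttd_minutes:.1f}" if r.ttd_minutes is not None else "-"
        lines.append(f"{r.technique:<10} | {r.status:<8} | {ttd:>9} | {r.action}")
    return "\n".join(lines)


if __name__ == "__main__":
    matrix = build_detection_matrix(RED_TEAM_LOG, SIEM_ALERTS)
    print(format_matrix(matrix))
    print(scorecard(matrix))
```

On the sample data the exfiltration step has no attributable alert, so it lands in the "missed" list, and the lateral-movement alert that fires 90 minutes after the move is marked "late" rather than credited as a timely detection; in a real engagement those two rows are exactly what the Purple Team debrief and the fix recommendations focus on.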
📬 Contact Us or 📅 Book a Consultation