We are AKASEC.
We hack & protect.
Introduction
Who we are.
At AKASEC, we don't just hack; we innovate and safeguard. Our core proficiency revolves around pushing the boundaries of your digital defense mechanisms, employing advanced techniques to simulate the attack of a state or state-sponsored group, commonly referred to as advanced persistent threats (APTs).
As seasoned experts in hacking and protection, with our experience in the highest echelons of the Dutch government, we specialize in conducting comprehensive Black Teaming and Red Teaming exercises that mirror real-world cyber threats. We do not only identify vulnerabilities but we also fortify your defenses against the most sophisticated adversaries.
With a commitment to staying ahead of the curve, we also weaponize our development expertise to create cutting-edge offensive tooling and secure (mobile) communications to ensure your sensitive information remains confidential and protected against eavesdropping or unauthorized access.
Trust AKASEC to be your strategic partner in the ever-evolving landscape of cybersecurity, where innovation and vigilance are paramount.
Reconnaissance
Mapping all your online assets.
With Reconnaissance we map all the online assets of an organization, such as web servers, domain names, IP addresses, but also the footprint of the organization and even that of its employees. What does a hacker see that you don't? And how will a hacker use this information in an attack on your infrastructure to reach the crown jewels of the organization?
Assessment
Answering a specific security question.
The Assessment aims to answer a specific security question. For example:
- "What are the risks of our external attack surface?"
- "Which open ports can be found within our external attack surface?"
- "A new vulnerability has been published. Are we vulnerable?"
- "Is our application secure enough to be made accessible via the internet?"
- "What 'low hanging fruit' can be found in our web or mobile app?"
The security question is answered through automated and additional manual testing.
Penetration Test
Mapping digital vulnerabilities.
An important characteristic of a pentest is: a clear scope. A pentest is usually carried out on a web or mobile application or within (part of) an office network to expose as many digital vulnerabilities as possible within a short period of time. Through a combination of automated and manual testing (and a lot of creativity), the hackers try to gain unauthorized access to information and/or systems within the scope of the assignment.
The product of this test is a report with an overview of all vulnerabilities found - ranked by severity of the finding (CVSS score) - and advice with which the vulnerabilities can be resolved. The report is often explained during a presentation.
Red/Black Teaming
Advanced digital attacks.
Both Black Teaming and Red Teaming use simulated, realistic attacks to evaluate digital security. Both digital and physical attacks are carried out on systems, buildings and people (social engineering). An 'out of scope' is only agreed in exceptional cases, for example when a physical location is really not allowed to be entered due to various regulations.
Black Teaming specifically focuses on covert attacks carried out without the organization's knowledge (with approval, of course). For example, the test will take place in the year 2024, but the organization does not know exactly when, nor does the CISO.
Red Teaming takes a broader approach that evaluates the organization's overall security policy and may involve collaboration with internal and external security teams (defenders, or Blue Team).
Both forms are valuable for organizations that have already taken security measures and want to test and/or increase their cyber resilience. We base our attacks on a pre-agreed type of attacker (script kiddies, hacktivist, whistleblower, criminal, state). The 'insider threat' scenario in particular is increasingly discussed in organizations where the risk of corporate espionage is high.
SOC Use Case Testing
Testing the configuration and effectiveness of a SOC.
The organization has a - or uses an external - Security Operations Center (SOC) that monitors the most important digital assets (crown jewels). But how can the organization be sure that the SOC will effectively detect the attackers and mitigate their attacks? Have the SOC tested by having attackers trigger specific use cases with simulated attacks.
- Validate the effectiveness of detection rules against real-world attack scenarios at all threat levels.
- Stay at the forefront of evolving cyber threats through continuous testing and refinement.
- Custom testing methodologies to assess unique use cases and security requirements.
- Ensure that the SOC is technically properly configured to detect actual attackers.
- Ensure that investments in the SOC deliver optimal results in protecting your digital assets.
Security Partnership
Structurally increasing digital security.
Hackers are extremely creative, goal-oriented and do not give up easily. Instead of having a security test carried out once a year, more and more organizations understand that attackers are constantly inventing new techniques to get past your defenses and that it is therefore important to provide resistance at the same level.
The Security Partnership is for two types of organizations:
- The organization that has asked itself the question "Where do we want to be in the future in the field of information security?" and wants to learn and build cyber resilience throughout the year based on a Gap Analysis and Security Roadmap; and
- The organization that is still at the beginning and benefits from structural support and continuous advice to increase cyber resilience.
With a Security Partnership, we provide the organization with continuous advice and feedback by acting as a sparring partner on security issues and by carrying out scoped assessments.
VIP Research
Mapping digital risks in personal privacy and security.
Nowadays, a lot of information about our private lives is posted online. This can happen through our own actions or because authorities publish sensitive data on the internet. In situations where there is an (acute) threat, it is essential that this sensitive information is removed or modified from the internet as quickly as possible.
AKASEC has the ability, at the request of an individual, to search for sensitive information that poses a risk to personal security. Using our specialized OSINT skills, we map this sensitive information so that the individual can attempt to have this information deleted or modified.
From custom XDR bypass to secure software.
Did you know that Hackers are often also masters of software programming? They write custom code in various programming languages to exploit software vulnerabilities or bypass defenses.
The hackers at AKASEC all have a background as software developers and use their talents not only for the above, but also for developing offensive tooling such as automated attacks, command & control solutions (C2), secure software development training, and for the development of secure communication solutions (check out ZT-ONE.com).
ZT-ONE
Our secure mobile communications solution.
Afraid that a hacker is watching or listening in on sensitive conversations? Or do you want to blend in with the crowd by mixing your network traffic with other "noisy" traffic? AKASEC has developed a secure, encrypted mobile communications solution based on commercial hardware and software (COTS) that allows you to blend in with the crowd and stay protected from prying eyes.
The ZT-ONE is a mobile device (Google Pixel) that runs a highly secured version of Android: GrapheneOS. Apps cannot access sensor information such as geolocation and all network traffic is forced through the secure, encrypted Zero Trust connection due to our special user-centric policies.
You can optionally choose to monitor the ZT-ONE devices, so that immediate action can be taken based on deviations from normal traffic (alert). For more information, visit the website: https://zt-one.com
