Case Studies & Key Insights

Netragard was approached by a software development firm to emulate a threat actor attempting to gain access to their Intellectual Property (IP) through social engineering. The client specifically requested a black-box approach, targeting the company’s software engineers. A black-box approach involves starting the engagement without any prior information, simulating a threat actor operating with real-world resources. In this article, we delve into how we crafted a convincing social engineering campaign, hosted Command and Control (C2)

Emulating a Ransomware Attack: A Realistic Engagement Story Since 2006, we’ve consistently earned the attention of international and domestic media outlets and businesses, a testament to the value of our work. Not only are we known for emulating real-world threat actors and innovating new techniques, tactics, and procedures (TTPs) but also for testing our client’s incident detection and response capabilities. We thought we’d share one such story with you from an older engagement which still

Overview Netragard was engaged by a midsized HR company to assist in their internal incident response process when they detected activity resulting in changes to customer payroll accounts. This case study emphasizes the importance of early incident detection and response through a well-considered plan.  Additionally, it demonstrates the benefits of having a third-party on retainer to help mitigate the damages when an attacker targets you or your clientele. Initial Detection The HR company’s internal systems

Overview   This social engineering case study shares how we were able to breach a global company using some remarkably simple techniques. It shows how easily someone can become a victim of social engineering with only a few pieces of information, a little persuasion and touch of emotional manipulation.    What Is Social Engineering? Social Engineering is a tactic used by individuals to manipulate and deceive others into disclosing sensitive information or performing actions that they would

Most popular email programs like Microsoft Outlook, Apple Mail, Thunderbird, etc. have a convenient feature that enables them to remember the email addresses of people that have been emailed.  Without this feature people would need to recall email addresses from memory or copy and paste from an address book. This same feature enables hackers to secretly breach networks (in this case for hacking casinos) using a technique that we created back in 2006 and named

Realistic Threat PCI Penetration Test for a Large Retailer We recently completed the delivery of a Realistic Threat PCI focused Penetration Test for a large retail company. As is always the case, we don’t share customer identifiable information, so specific details about this engagement have been altered to protect the innocent. For the sake of this article we’ll call the customer Acme Corporation. When we were first approached by the Acme Corporation we noticed that