TIBER in a Nutshell

The Y-Security service lines are divided into Attack Simulations, Penetration Tests and Security Trainings. Below you can find our TIBER in a Nutshell post which summarizes everything you need to know about TIBER from an offense perspective. For a whole and comprehensive picture we recommend to look at our previous blog post all you need to know about Threat Intelligence Based Ethical Red Teaming.

Attack Simulations

TIBER is an essential part of our Attack Simulations service (often known as Adversary Emulation or Adversary Simulation or RED TEAM). See Christian providing you with an introduction to Red Teaming at Y-Security.

The silhouette of a wolf head as our logo for the service Attack Simulation

Formal introduction into Red Teaming


TIBER

The TIBER exercise is, like most Red Teams, a goal-based adversarial activity that is performed from the perspective of an attacker with no or little knowledge of the target. The exercise is designed to verify if current technical, physical or process-based security controls and procedures are resistant to a targeted cyber attack.

It’s impossible to demonstrate every aspect of a Red Team, but we have tried to summarize the attackers view with typical attack scenarios in the following video:

Red Teaming in a Nutshell


Wonder what a Red team report at Y-Security looks like? We’ve got you covered – see the sample videos below.

RED TEAM REPORT MANAGEMENT

Provides insights for the Project Owner and Manager with details about the Attack Simulation.

RED TEAM REPORT TECHNICAL

Details on the attack scenario and what TTP have been combined to reach the goal of the assessment.

That was likely to quick for a whole picture – contact us via the below details and we will provide you with a sample report.


Further Reading

At Y-Security we have already covered some excessive information around Red Teaming and in particular TIBER

Attack Simulation Overview https://www.y-security.de/services/
Detailed Attack Simulation Information https://www.y-security.de/attacksimulations/
Blog Insights into Penetration Test & Attack Simulation Reports https://www.y-security.de/news-en/insights-into-penetration-test-attack-simulation-reports/
Blog Insights Into Attack Simulation Part 1 https://www.y-security.de/news-en/insights-into-attack-simulations-part-1/
Blog Insights Into Attack Simulation Part 2 https://www.y-security.de/news-en/insights-into-attack-simulations-part-2/
Blog Threat Simulation Mimicking an APT https://www.y-security.de/news-en/threat-simulation-mimicking-an-apt/
Blog All you need to know about Threat Intelligence Based Ethical Red Teaming https://www.y-security.de/news-en/all-you-need-to-know-about-threat-intelligence-based-ethical-red-teaming/

Author

Sven Schlüter
sven@y-security.de
Y-Security GmbH
10. March 2022