
Be proactive: search for compromised systems


Search for compromise

The purpose of a search for compromise is to check whether an attacker is currently present in your information system (IS).

Recent news shows that computer attacks are increasingly targeted and that an attacker can remain in an IS for several years.
With our expertise in Windows systems, we have developed our own internal tools to meet the demanding level of quality we set for ourselves. This allows us to conduct searches for compromise with high added value. We work with a non-signature-based detection approach in order to highlight unknown malware. Moreover, our tools operate in both user mode and kernel mode.
Our search for compromise combines automatic and manual analysis. This lets our experts take the time to contextualize the detected anomalies, significantly reducing the risk of false negatives.

Why call us?

Why perform a search for compromise?

Check your IS

Know if you are currently compromised

During a company acquisition

  • To know if the company you are buying is being spied on
  • Companies are frequently compromised between the acquisition announcement and integration into the IS
  • Do not let an attacker enter your IS through an acquisition

New CISO's first-impressions report

As soon as the CISO takes office,
it is essential to check that the IS is not already compromised

The steps of a search for compromise

  • Determine a scope of machines to analyze.
    This scope can cover all the Windows machines in your IS or only a critical subset. If needed, we can help you define it.

  • Deployment of our collection agent.
    Our internally developed agent collects the information needed to detect a compromise.
    For the most critical machines, we also offer a full RAM capture and analysis as a complement.

  • The collected information is sent encrypted.
    It is stored on a server located in your network but isolated from the rest of the IS, so only ciphertext is ever at rest on your side.
    We retrieve this data at the end of the collection step and decrypt it only once it has been transferred into a partitioned, secure analysis environment.

  • Automatic and manual data analysis.
    Our analysis aims to detect and contextualize suspicious behaviour and weak signals, using our tools and expertise.

  • Lift of doubt (triage of suspicious elements).
    Retrieval and in-depth analysis of the suspicious elements detected, using malicious-code analysis methodologies.

  • Delivery of a report containing:

    1. an overview of your IS
    2. the elements requested in the lift of doubt
    3. the results of our analysis
    4. our verdict on whether the IS is compromised

    This report can be used as a basis both for an incident response in case of compromise and for hardening of the machines.
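The page does not describe how the analysis step works internally. As an added illustration of what a non-signature, non-IOC analysis over collected data can look like (example code written for this page, not ExaTrack's tooling), the script below runs a fleet-wide least-frequency ("stacking") analysis over autostart entries: an image path present on one host out of many, or a well-known name resolving to an unexpected binary, is flagged for an analyst to contextualize rather than matched against a signature. The host names, paths and entries are constructed sample data.

```python
"""Least-frequency ("stacking") analysis of autostart entries across a fleet.

Added example, not a description of any vendor's tool. A compromise
assessment that does not rely on signatures or IOCs can instead ask
"which persistence entries are unusual for this fleet?": an entry present
on 1 host out of many deserves an analyst's attention, one present on all
hosts is almost certainly part of the standard build.
"""
import re
from collections import defaultdict

# Constructed sample data (not real collection output): per host, a list
# of (location, registered name, image path) autostart entries.
FLEET = {
    "WS-001": [
        ("Run", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
        ("Service", "WinDefend", r"C:\Program Files\Windows Defender\MsMpEng.exe"),
        ("Run", "OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
    ],
    "WS-002": [
        ("Run", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
        ("Service", "WinDefend", r"C:\Program Files\Windows Defender\MsMpEng.exe"),
        ("Run", "OneDrive", r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
    ],
    "WS-003": [
        ("Run", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
        ("Service", "WinDefend", r"C:\Program Files\Windows Defender\MsMpEng.exe"),
        ("Run", "OneDrive", r"C:\Users\carol\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
        # Legitimate-looking name, unusual location: the kind of weak signal
        # a signature or IOC list would not catch.
        ("Service", "WinDefend", r"C:\Users\carol\AppData\Roaming\svchost.exe"),
    ],
    "SRV-001": [
        ("Service", "WinDefend", r"C:\Program Files\Windows Defender\MsMpEng.exe"),
        ("Scheduled Task", "Updater", r"C:\ProgramData\update\upd.exe"),
    ],
}

# Matches the per-user part of a (lower-cased) profile path.
USER_DIR = re.compile(r"^c:\\users\\[^\\]+\\")


def normalize(path):
    """Case-fold and collapse the user name in a profile path so that the
    same program under different user profiles stacks together."""
    return USER_DIR.sub(r"c:\\users\\*\\", path.lower())


def prevalence(fleet):
    """Map (location, normalized image path) -> set of hosts carrying it."""
    hosts_by_entry = defaultdict(set)
    for host, entries in fleet.items():
        for location, _name, image in entries:
            hosts_by_entry[(location, normalize(image))].add(host)
    return hosts_by_entry


def rare_entries(fleet, max_hosts=1):
    """Entries seen on at most `max_hosts` hosts, rarest first, with the
    hosts carrying them and every name they were registered under."""
    hosts_by_entry = prevalence(fleet)
    names = defaultdict(set)
    for entries in fleet.values():
        for location, name, image in entries:
            names[(location, normalize(image))].add(name)
    rare = [
        (location, image, sorted(hosts), sorted(names[(location, image)]))
        for (location, image), hosts in hosts_by_entry.items()
        if len(hosts) <= max_hosts
    ]
    return sorted(rare, key=lambda r: (len(r[2]), r[1]))


def name_collisions(fleet):
    """(location, name) pairs that resolve to more than one image path
    across the fleet: a common sign of an implant borrowing a legitimate name."""
    paths_by_name = defaultdict(set)
    for entries in fleet.values():
        for location, name, image in entries:
            paths_by_name[(location, name)].add(normalize(image))
    return {k: sorted(v) for k, v in paths_by_name.items() if len(v) > 1}


if __name__ == "__main__":
    for location, image, hosts, names in rare_entries(FLEET):
        print(f"{len(hosts)} host(s)  {location:<15} {image}  registered as {names}  on {hosts}")
    for (location, name), paths in name_collisions(FLEET).items():
        print(f"name {name!r} ({location}) resolves to {len(paths)} different images: {paths}")
```

Keying on the normalized image path rather than on the registered name is deliberate: an attacker is free to reuse a name such as WinDefend, but a binary under a user profile or ProgramData that no other host in the fleet carries still stands out. In a real engagement the same idea is applied to further attributes (signer, file hash, parent process, loaded drivers), and every rare entry is still handed to an analyst for contextualization rather than reported as malicious on its own.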

Our innovations

Internal tools

All our tools, for both collection and analysis, are developed internally. Each of them has significant innovations aimed at identifying complex anomalies.

In-depth analysis

Our Windows experts perform a manual and in-depth data analysis. This allows us to contextualize the anomalies and scrutinize the weak signals.

No signatures/IOCs

Our tools are powerful enough to have detected all the malicious codes tested so far without relying on signatures or IOCs.

RAM analysis

We are able to analyze RAM dumps that other tools on the market cannot handle. Our tool dynamically identifies the internal structures of the system and goes as far as analyzing undocumented areas to reveal rootkits.

Contact us!

For more information on the search for compromise do not hesitate to contact us.

contact [at] exatrack [dot] com