Contact

Lloyd Bruce ([email protected])

+44 (0) 161 209 5200

https://www.nccgroup.com/globalassets/service-pages/documents/security-consulting/technical-security-consulting/crest-star-and-cbest.pdf

NCC Group’s Full Spectrum Attack Simulation practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Global Threat Intelligence practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia NCC Group has a fully qualified and experienced team supporting the financial services sector. Our team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Attack Simulation services are focussed on the delivery of threat intelligence-led red team scenarios, delivered by our world-class red team, to replicate real world threats. We help organisations to understand if they are susceptible to and can Prevent, Detect or Respond to real-world threats by demonstrating what a threat actor could achieve and the potential impact this may have. Supported by NCC Group’s exploit development and research group, our red team is comprised of dedicated and experienced operators capable of providing advance attack simulations. Armed with a combination of commercially available, open-source and proprietary tooling and tradecraft, NCC Group’s Full Spectrum Attack Simulation practice can support you with the delivery of a CREST STAR G-Cloud:

·https://www.applytosupply.digitalmarketplace.service.gov.uk/g-cloud/services/527869061275747

CREST Qualified Consultants:

·CREST Certified Simulated Attack Manager

·CREST Certified Simulated Attack Specialist Pentest Overview:

·Test and Risk Management Plans

·Execution of Threat intelligence led Scenarios

·Comprehensive Reporting & Debriefs

·Purple Teaming

·D&R Capability Assessments

·Purple Teaming & Replay Workshop Pentest Approach

·In Phase – gaining initial access to an environment and establishing persistence.

·Through Phase – Discovery, privilege escalation through exploitation or credential access, and lateral movement

·Out Phase – actions on objectives again important business services

Contact

Matt Hull ([email protected])

+44 (0) 161 209 5200

https://www.nccgroup.com/globalassets/service-pages/documents/security-consulting/technical-security-consulting/crest-star-and-cbest.pdf

NCC Group’s Global Threat Intelligence practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Full Spectrum Attack Simulation practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR-FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia, NCC Group has a fully qualified and experienced team supporting the financial services sector. NCC Group’s team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Threat Intelligence services are focussed on providing clients with timely, actionable intelligence focussed on the business implications of both the threat and threat mitigation activities. Our intelligence is developed from a broad spectrum of intelligence sources and underpinned by deep technical understanding. Analysis of threat actors, their intent and capability, is combined with a comprehensive knowledge of threat vectors, target systems and their vulnerabilities. Armed with a comprehensive array of threat intelligence, NCC Group’s Global Threat Intelligence practice can support you with the delivery of a CREST STAR G-Cloud:

·https://www.applytosupply.digitalmarketplace.service.gov.uk/g-cloud/services/493619072078273

CREST Qualified Consultants:

·CREST Registered Threat Intelligence Analyst

·CREST Certified Threat Intelligence Manager Threat Intelligence Overview:

·Threat Intelligence Planning

·Execution of Threat Intelligence

·Targeting: potential attack surfaces across the firm/FMI’s organisation

·Threat Intelligence: relevant threat actors and probable threat scenarios.

·Scenario Workshops

·Comprehensive Reporting Threat Intelligence Collection Sources:

·Open Source

·Sourced from Dark Web data

·Sourced from Deep Web data

·Sourced from Tech data

·Sourced from incident response

Contact

Alex Jessop

+44 (0) 161 209 5200

[email protected]

NCC Group’s Attack Surface Management services offer comprehensive solutions, including fully managed vulnerability scanning, compliance and bespoke services. These aim to help organizations identify their attack surface and enhance the security of their web applications, and internal and external infrastructure. Through tailored programs of continuous vulnerability scanning and exposure monitoring, we ensure robust protection. Our services are supported by exceptional technical teams and Subject Matter Experts.

CSIR
Cyber Security Incident Response
Contact

[Option 1 – preferred] DFIR, +44 331 630 0690, [email protected]

[Option 2] Darren James, +44 7824 412 412, [email protected]

Receive immediate and continuous support to proactively protect against security incidents. Get primed to manage them while they’re happening and recover quickly so you can return to business as usual.

Our Incident Response services includes:

• Incident Response Investigation
• Incident Response Managment
• Digital Forensics Investigation
• Remediation Support
• Reverse Engineering Malware Analysis
• First Responder Training Courses
• Incident Simulations & Table Tops
• eDiscovery Services
• IR and Forensic Consultancy

Contact

Duncan McDonald ([email protected])

+44 (0) 161 209 5200

https://www.nccgroup.com/uk/our-services/cyber-security/penetration-testing/

NCC Group’s world-class security consultants and certified ethical hackers conduct real-world exercises to emulate cyber-attacks your networks, systems, and applications could face.

NCC Group help businesses understand their exposure to potential risks, counter threats to critical assets, and protect their reputation. By identifying both your cyber security strengths and weaknesses, pen testing allows you to address technical risks across your entire attack surface. This proactive approach provides the insights needed to prevent attackers from exploiting vulnerabilities and causing damage.

We can offer:

• Infrastructure penetration testing
• Application security testing
• Network security testing
• Remote access security testing
• Wireless security testing
• Mobile security testing

Through the application of rigorous methodologies, the use of automated scanning tools, customised proprietary scripts and manual techniques, we test for exploitable vulnerabilities that could allow unauthorised access to key information assets.

Our reports detail the security vulnerabilities within your infrastructure that could potentially be exploited in an attack. They also recommend the best methods to secure the environment based on your unique internal business requirements and industry best practices.

Contact

Matt Hull ([email protected])

+44 (0) 161 209 5200

https://www.nccgroup.com/globalassets/service-pages/documents/security-consulting/technical-security-consulting/crest-star-and-cbest.pdf

NCC Group’s Global Threat Intelligence practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Full Spectrum Attack Simulation practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR-FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia, NCC Group has a fully qualified and experienced team supporting the financial services sector. NCC Group’s team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Threat Intelligence services are focussed on providing clients with timely, actionable intelligence focussed on the business implications of both the threat and threat mitigation activities. Our intelligence is developed from a broad spectrum of intelligence sources and underpinned by deep technical understanding. Analysis of threat actors, their intent and capability, is combined with a comprehensive knowledge of threat vectors, target systems and their vulnerabilities. Armed with a comprehensive array of threat intelligence, NCC Group’s Global Threat Intelligence practice can support you with the delivery of a CREST STAR G-Cloud:

·https://www.applytosupply.digitalmarketplace.service.gov.uk/g-cloud/services/493619072078273

CREST Qualified Consultants:

·CREST Registered Threat Intelligence Analyst

·CREST Certified Threat Intelligence Manager Threat Intelligence Overview:

·Threat Intelligence Planning

·Execution of Threat Intelligence

·Targeting: potential attack surfaces across the firm/FMI’s organisation

·Threat Intelligence: relevant threat actors and probable threat scenarios.

·Scenario Workshops

·Comprehensive Reporting Threat Intelligence Collection Sources:

·Open Source

·Sourced from Dark Web data

·Sourced from Deep Web data

·Sourced from Tech data

·Sourced from incident response

Contact

Lloyd Bruce ([email protected])

+44 (0) 161 209 5200

https://www.nccgroup.com/globalassets/service-pages/documents/security-consulting/technical-security-consulting/crest-star-and-cbest.pdf

NCC Group’s Full Spectrum Attack Simulation practice specialise in the delivery of Intelligence-Led/Threat-Led Penetration Testing (ILPT/TLPT). With extensive experience in delivering these engagements in collaboration with NCC Group’s Global Threat Intelligence practice, NCC Group are well-positioned to support you as both Threat Intelligence and Pentest Providers. NCC Group have a long-standing history of delivering ILPT/TLPT engagement as well as supporting regulatory bodies globally in the creation and improvement of their ILPT/TLPT Frameworks. From CBEST, STAR FS and CREST STAR in the UK, TIBER in the EU, iCAST in Hong Kong, AASE in Singapore, FEER in Saudi Arabia and CORIE in Australia NCC Group has a fully qualified and experienced team supporting the financial services sector. Our team have a vast amount of experience in delivering ILPT/TLPT to non-finance sector organisations through frameworks such as GBEST, TBEST and GCASE. Our years of experience in the regulatory red teaming space, particularly with TIBER, also means that we have an experienced and qualified team able to support organisations through DORA TLPT. NCC Group’s Attack Simulation services are focussed on the delivery of threat intelligence-led red team scenarios, delivered by our world-class red team, to replicate real world threats. We help organisations to understand if they are susceptible to and can Prevent, Detect or Respond to real-world threats by demonstrating what a threat actor could achieve and the potential impact this may have. Supported by NCC Group’s exploit development and research group, our red team is comprised of dedicated and experienced operators capable of providing advance attack simulations. Armed with a combination of commercially available, open-source and proprietary tooling and tradecraft, NCC Group’s Full Spectrum Attack Simulation practice can support you with the delivery of a CREST STAR G-Cloud:

·https://www.applytosupply.digitalmarketplace.service.gov.uk/g-cloud/services/527869061275747

CREST Qualified Consultants:

·CREST Certified Simulated Attack Manager

·CREST Certified Simulated Attack Specialist Pentest Overview:

·Test and Risk Management Plans

·Execution of Threat intelligence led Scenarios

·Comprehensive Reporting & Debriefs

·Purple Teaming

·D&R Capability Assessments

·Purple Teaming & Replay Workshop Pentest Approach

·In Phase – gaining initial access to an environment and establishing persistence.

·Through Phase – Discovery, privilege escalation through exploitation or credential access, and lateral movement

·Out Phase – actions on objectives again important business services

Contact

Sean Mitchell ([email protected])

+44 (0) 161 209 5200

Emergency Help: 01234 999 888

NCC Group’s Security Operations Center (SOC) integrates with their Managed Extended Detection and Response (MXDR) to deliver comprehensive threat protection.

Operating continuously, the SOC promptly addresses suspicious activities using proprietary threat intelligence and custom detections tailored to each organization’s risk profile.

This SOC-MXDR integration enables rapid threat containment through MFA verification and swift asset isolation. By combining automation with human expertise, the system reduces false positives, allowing security teams to focus on genuine threats. Providing enhanced visibility across multi-cloud, data security, DevOps, OT, and IoT environments, giving organizations a clear understanding of their security posture for effective incident response.