Defending your assets from possible threats

Custom Hardening Guides

custom hardening guides for any product or service

We produce hardening guides for a wide range of products and services from Operating Systems, Application Services, Email Gateways, all the way through to Network Firewalls.

Hardening Guides

We produce hardening guides for a wide range of products and services.

INDUSTRY STANDARDS

Our hardening guides can be written to align with your compliance requirements, from CIS through to the ACSC Essential Eight.

SECURE FOUNDATION

A secure design standard for your operating system or service ensures that the foundation of your environment is built with security and resilience in mind.

INCIDENT RESPONSE PLAYBOOKS

We produce incident response playbooks, allowing you to effectively respond to incidents with a repeatable process.

Internal Architecture & Service Review


An organisation's environment is only as secure as its weakest link. Ensuring that the services and configurations within your architecture meet or exceed your security requirements can save you both time and money.

Architecture review

Our team will work with you to perform a review of your architecture, services, and configurations.

Security recommendations

We will provide recommendations on how you can improve the overall security posture of your implementation.

Service review report

We will document all findings & recommendations in a Security Architecture & Service Review report for your review.

case studies

The Problem

LARGE ENVIRONMENTS FAIL TO MEET INDUSTRY STANDARDS

It is quite common for large environments to have cyber security strategies in place. However, these are generally aligned to a non-technical or non-industry standard framework.
The Solution

ALCHEMY'S DEFENSIVE AND MITIGATION STRATEGIES

Alchemy developed a process that allowed the business to align both their defensive and mitigation strategies against the MITRE ATT&CK framework.

The Impact

STRATEGICALLY ADDRESSING GAPS IN DEFENSIVE CAPABILITIES

This allowed the business to strategically address gaps in their defensive capabilities through configuration changes on existing products. The framework also allowed the business to strategically invest in product to fill identified gaps in defensive capabilities while avoiding product overlap to net a better return on investment.

Product Used

SUCCESSFUL MONITORING AND MITIGATION OF TTPs

The MITRE ATT&CK framework was utilised to allow the business to align their technical mitigation and monitoring capabilities with real life tactics, techniques and procedures used by threat actors. This process allows organisations to identify gaps in these capabilities as well as processes or technologies that could be utilised to both monitor and mitigate a broad range of TTPs.


How It Works

Our Unique Process We Developed Over 10 years.

Alchemy Security Consulting Pty Ltd provides a broad range of security assessment services to assist our customers in identifying vulnerabilities and maturing their defensive capabilities.

scoping

The scope will define the objectives, constraints, scheduling and reporting requirements for the assessment.

assessment execution

We will execute the assessment in line with the agreed scope.

reporting

All findings will be documented in a risk prioritised report detailing all findings and recommended actions.

remediation testing

A retest of key findings is performed to validate that remediation actions by the customer have successfully mitigated identified vulnerabilities without introducing further vulnerabilities or risks.

The Benefits


We focus on defining and implementing defensive measures to harden and mature our customers' defensive capabilities.

SECURE BY DESIGN

By ensuring your architecture meets industry security standards, you can be sure that your environment is secure by design.

DEFINING A BASELINE

Establishes a security baseline for your Operating Systems and Services.

REPEATABLE PROCESS

Setting a hardened standard for your devices makes it easy to ensure all of your devices are configured securely using a repeatable process.

ANOTHER PERSPECTIVE

Having that external perspective can help identify holes and vulnerabilities that otherwise go unnoticed.

Frequently Asked Questions

Still got questions? Contact us
What is an incident response playbook?

An incident response playbook is a repeatable step-by-step process that the business can follow when responding to an incident. Typically, playbooks are built around specific attacks such as ransomware.

What is the MITRE ATT&CK framework?

The MITRE ATT&CK framework can be utilised by businesses to assess the maturity of both their defence and monitoring capabilities against numerous threat actors. This framework can also be used to measure the effectiveness of products and services in filling known gaps within existing capabilities to ensure a greater return on investment.

Can you help review and mature our existing hardening guides and process?

Of course! When we create hardening guides or incident response playbooks, we will utilise existing documentation and processes to help align them with your business.

It’s free to chat

Send us a message and we will be in touch as soon as possible. And it’s free to chat.

Recent Post

Detecting and defending against advanced persistent threats utilizing the latest in industry-leading tools and techniques to strengthen and mature the security posture.

Conti Group - Tooling, Leaks and Russian FSB Ties

The Conti group have been featured across many news outlets lately both inside and outside the cyber security community. It is well known that this specific threat actor is mainly…

Yes, Local Administrators ARE a Risk

Modern environments are in a constant state of flux; new systems are being commissioned, and old systems decommissioned, to meet new requirements and increase efficiency in all sectors. Managing those…

OSINT for Penetration Testers

Part of performing an effective and successful penetration test requires gathering as much information about the target as possible. The more information you have on your target, the more likely…

CONTI Group - The not so advanced APT

Recently in the news it was revealed that a member of an “APT” group that utilises the “Conti” ransomware became disgruntled at the state of their relationship with the group…

Hidden Cobra - Uncovering the North Korean APT

Advanced persistent threats come in many forms ranging from your crime groups, activists all the way through to your state sponsored groups. While some of these threat actors such as…

Please Sign Here - Why NTLM Relaying Is Still a Risk in 2021

The Windows Name Resolution Flow: You may be under the impression that turning host names into IP addresses is simple. You check: the Hosts file; then your system’s DNS (Domain Name System) resolver. That’s it, right? If you don’t…

The benefits of Red Teaming

Red teaming is not a new concept within the cyber security community. However in Australia, Red Teaming is a relatively new term for most organisations. In this blog post we'll…

Stealing Password Reset Tokens for Fun and Profit

When adding a “Password Reset” function to your application it is especially important to ensure this has the same security considerations as any other critical function within the application. Due…

MITRE ATT&CK Framework Primer

The MITRE ATT&CK framework is a fairly familiar term within the Cyber Security industry. It has quickly evolved from a niche framework, to the core of many security operation centers.…