TIBER (Threat Intelligence-Based Ethical Red-teaming) is an advanced form of read-teaming that applies realistic cyber threat intelligence as a basis to prepare and execute red-team penetration testing.
This project focuses on assessing the advantages and disadvantages of TIBER vs. more traditional red-teaming and pentesting. The project is expected to provide recommendations regarding the use of TIBER with regard to which organizations that can benefit from it, the complexity, skills and resources required, legal and ethical constraints, and the potential benefits of TIBER.
Aspects to consider are e.g.
- Simulated intrusion attacks consisting of OSINT, social engineering penetration testing (both physical and cyber) and other methods to assess strengths and weaknesses of the tested entity
- Rules of engagement
- How far can the read team go?"
- Mimicking real attackers' Tactics, Techniques and Procedures (TTP)
This project is in collaboration with KPMG Norway.