Services

We have custom tools to perform security tests and audit of all parts of a Microsoft 365 tenant, including key areas such as user management and account security, the configuration of security protections, SharePoint sites, and application integrations.

We conduct detailed security audits of Google Workspace tenants, to help customers identify potential security and compliance issues with the current configuration. Common areas for improvement are user management and account security, the configuration of available security protections, email security configuration, Google Drive sharing, and third-party application integrations.

To help understand this attack surface, Red Maple will complete an enumeration task to identify all internet-facing assets belonging to the Client. This is completed using our own attack surface management product [FractalScan Surface](https://fractalscan.com/), as well as other established tools and techniques. It includes an automated assessment of the status and configuration of all registered domain names and certificates, IP address ranges, and DNS records, including email records (MX, SPF, DKIM and DMARC).

We perform surveys of internal networks, to enumerate internal IT assets, running network services and their versions, and identify publicly known security vulnerabilities and potential issues with those assets. This process will also test the separation of different networks, and the visibility of devices on all networks

We offer holistic and focused cloud security reviews. We use GCP and IONOS ourselves for our own and our customers' solutions, but are also experienced in both AWS and Azure. These tests typically uses a combination of automated tools and manual checks to identify potential security and compliance issues with the target infrastructure. Common areas of concert include Identity and Access Management (IAM), networking and firewalls, compute and storage resources.

Whether Windows, macOS or mobile devices, we can complete technical testing on user devices, to properly evaluate the installed protections and defences against common threats. These tests are based around five key initial stages of the Mitre Att&ck Framework

After agreeing the scope and coverage with a customer, we combine our development and security expertise to test everything an attacker would. These tests typically focus on the primary security threats and risks to the application using a combination of manual and automated testing.

With a background in hardware development and forensics, some of our staff specialise in hardware security. Whether consumer or industrial, we can test what an attacker could achieve if they get their hands on your devices.

Our clients trust us to solve some of their hardest problems. Whether in-depth and technical or more high-level, we can deliver expert cyber security research.