Our Industry Experience

Nebotain led the emergency recovery from a targeted SQL injection attack of a public-facing prepaid credit card portal of the organization. Nebotain conducted incident and crisis management activities to contain and eradicate the threat while engaging legal, law enforcement, banking regulators and public relations personel.

Nebotain responded and mitigated a distributed password spraying and brute force attack campaign on publicly facing APIs of the organization. Recovery activities included hardening of the external website platforms,  an implementation of an API security layer, and 24/7 monitoring and response to threats.

Nebotain created and led a compliance program to the PCI-DSS standard within the organization The program included implementation of database encryption technologies, implementation of compensating controls in the form of database activity monitoring and the re-architecting of the internal network based on security zones.

Nebotain investigated multiple instances of theft of subscriber information within the organization. The investigation resulted in the prosecution of the adversaries and the creation of a risk mitigation plan with the implementation of Data Leakage Prevention and Insider Threat Detection technologies to enhance detection and response mechanisms.

Nebotain conducted a year long hunt after a persistent threat actor that conducted weekly social engineering attempts intended to defraud the customer support staff of the organization. Nebotain used various HUMINT, OSINT and deception techniques to pursue, find the perpetrator and convict him.

Nebotain formed and lead a Classified Information Protection program within the organization while complying with rigorous national security requirements. The program included implementation of technical , physical, and organizational security controls intended to protect classified information held within the IT, OT and Cellular environment. 

Nebotain created an application security program while working closely with the development teams of the organization. The program included secured development training to over 70 developers, creation of secure coding practices, implementation of code reviews , static code analysis and penetration testing prior to production deployment and continuous runtime protection mechanisms.

Nebotain battled a DDoS attack campaign of of public facing game servers of the organization. Nebotain led the Incident Response team within the organization and also managed multiple third parties and Emergency response teams of the world’s leading DDoS mitigation providers. 

Nebotain battled a long campaign of DNS redirection of public facing websites of an organization. The response included development of monitoring software that was deployed in the wild and a semi automated response capability . The team worked in close collaboration with the World’s leading DNS providers.

Nebotain countered an adversary group who targeted an organization's customers with phishing and account takeover attempts. Together with Marketing teams, Nebotain set up a Digital Risk Protection \ Brand Protection program utilizing one of the world's leading providers. The program included 24/7 detection and response to infringing content of fake websites while working with law enforcement to take down the offending sites.

Nebotain countered an adversary group which intended to defraud the organization. The attack was contained and eradicated during the course of sixteen weeks with the assistance of an internal and external Cyber Forensics and Incident Response team.

Nebotain led multiple engineering teams through the design and implementation of a fully redundant and secure data meeting uptime requirements of %99.99 availability. The design followed a rigorous threat modelling process, while the implementation included failover, recovery and penetration testing of the network, infrastructure and database components.  

Nebotain countered an adversary group which intended to access the OT environment of the electric battery switching stations of the organization. The attack was contained and eradicated during the course of 6 weeks with the assistance of an internal and external Cyber Forensics and Incident Response team.

Nebotain led the emergency response to a business email compromise attack on the organization. The attack included the investigation, mitigation of the attack and attribution of the threat group, who managed to impersonate a supplier and reroute funds to foreign bank accounts.

Nebotain formed and led a continuous Red Team testing program across the IT and OT environment of the organization across multiple continents. The program included mutually agreed upon targets and KPIs and included a continuous improvement and lessons learned engagement following each attack campaign.