Cybersecurity Blog: The Cyber Scene is evolving, are you?


Leidos Cyber UK is CREST certified for Penetration Testing, Incident Response and Cyber Essentials.

This accredits Leidos' Penetration Testing programme as complying with CREST's rigorous requirements for penetration testing providers, and gives organisations a level of assurance over the quality of testing that will be delivered.

What should organisations aim to test?

The standard recommendation is to always test with the objective of obtaining whichever asset the organisation believes to be of highest value and/or whichever asset could cause the most disruption should it be obtained by a malicious actor. For example, this could be access to transaction systems, ledgers and ATM or interlink networks. While public websites should be tested, the emphasis should be proportional to the risk they pose to the wider organisation if compromised. Apart from this, testing can concentrate on verifying implemented security controls.

Leidos Delivers

Leidos Penetration Testing is the combination of existing skills, the Leidos-SAIC merger, and Lockheed Martin’s Information Systems and Global Solutions business. The key advantage of the Leidos testing team is the number of testers under its banner. With testing teams in the USA, UK and Australia, there are always offensive security experts available with a diverse skillset. Additionally, Leidos is a large multinational organisation with people deployed at multiple clients throughout the world simultaneously, using a tremendously large range of technologies. This means there is likely always someone contactable with experience in most of the likely technologies, and in their deployment in environments and businesses similar to your own.

Although Leidos Penetration Testing does not purport to reveal how good a security implementation is, it can often reveal areas in which it may be performing poorly – showing if you are spending money in the right areas.

Leidos Penetration Testers are not your average security analysts, but are entirely dedicated to their tradecraft, with many owning their own home labs and other test equipment in order to stay relevant and ultimately perform tests which continue to accurately mimic adversarial tactics.

Leidos Penetration Testing Services

1.1 Physical Penetration Testing

Penetration testing that assesses the physical security of an organisation, including between-the-line attacks, physical breaking and entering, badge-hijacking technologies, access emulation technologies, etc. This type of assessment tests the various physical boundaries in place and determines what policies and procedures employees actively follow and enforce.

1.2 Web Application Testing

Targeted penetration testing against a specific website or web application. This type of testing evaluates the attack paths available to attackers from various points of access. It typically involves the exploitation or demonstration of discovered vulnerabilities, including those in the OWASP Top 10. Testing can be performed from white and/or black box perspectives depending on the needs of the client.

1.3 Perimeter Testing

Targeted penetration testing against known company external IP space, with specific focus on perimeter IP addresses; this testing is focused on identifying vulnerabilities and weaknesses in the perimeter, and the extent of disclosure that can result in the event they are leveraged by an advanced attacker. Additionally, further discovery can be performed in order to determine the unknown extent of an entity’s web presence. Network Perimeter Assessments and Targeted Perimeter Assessments fall under this category.

1.4 Social Engineering

Execution of social engineering methods, with the goal of leveraging this attack vector as part of a larger Vulnerability Assessment operation; these include phishing attacks, phone attacks, help desk intrusion attempts, etc.

1.5 Phishing and Attack Delivery Emulation

Research and development of custom phishing attacks, emulating adversarial methods. These tests can be performed either against a provided list of individuals or against organisational contacts identified through open source investigations. The success of delivery and the volume of end-user interaction can be measured to assess the level of employee awareness.

1.6 Password Research / Audits

This type of assessment looks to identify users’ weak passwords and non-compliance with corporate password policies, as well as providing statistical output on the number of passwords cracked and the time taken to crack them. Activities such as Password Research / Audits may form part of the larger penetration test where cracked credentials are leveraged to gain further access.

1.7 Red Team Campaigns

Red Team Campaigns are long-term assessments of any of these engagement types. Red Team Campaigns are typically black box or grey box assessments, where the Blue Team is not aware of the activities being performed. Long-term testing provides a better understanding of what is being evaluated, so proper solutions can be implemented. Such campaigns can be combined with specific targets (flags) which attackers may target in the event of a real attack.

1.8 Internal Infrastructure Security Assessment

Organisations are often focused on protecting their perimeter; the Internal Infrastructure Security Assessment therefore looks at the scope and access an attacker could obtain once they have broken the perimeter. This is achieved by assuming an unauthenticated position within the internal network and leveraging penetration testing techniques to enumerate the network, discover vulnerabilities and obtain access to systems and data.

1.9 Advanced Persistent Threat (APT) Simulation

Structured testing emulating the techniques, tactics and procedures of Advanced Persistent Threats from a variety of platforms: internal, external, authorised user and unauthorised user. The testing focuses on all areas of the Cyber Kill Chain ©: Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives.

1.10 Rapid Response

Targeted testing in support of critical operations or validation of countermeasure and mitigation effectiveness; this testing focuses on mainstream vulnerabilities, recently-released zero days, and proof of concepts which can identify high visibility findings that need to be remediated immediately.

1.11 Engineering and Initiatives Support

Vulnerability assessment services to support pre-production environment evaluation, production environment baseline evaluation, development projects, application analysis, mobility threat analysis, and encryption technology effectiveness; also, testing of hardware devices, such as mobile devices, hardware technologies and IoT, to identify vulnerabilities or weaknesses.

1.12 Targeted Critical Environment Testing

Targeted testing against critical environments and/or assets on a regular and continued basis; this includes testing of the people, processes, and technologies supporting these critical environments. This would consist of Critical Information and Insider Protection Security (CIIPS) assessments and support and Business Unit scheduled assessments.

Customer Success


Objective: Provide a comprehensive set of security assessments and recommendations for maturing the security posture of this high-profile, global financial client across the areas of Cyber Defense Maturity, Insider Threat, Infrastructure Security Assessment, and Advanced Persistent Threat (APT) Simulation.

Leidos Delivered:

  • Baseline measurement of security maturity, compared to international peers
  • Actionable roadmap detailing recommendations to improve the client’s security posture
  • Detailed executive briefing to client’s board of directors describing findings and risks to the enterprise

USA Fortune 150

Leidos partnered with a global manufacturer to provide penetration testing services for a Fortune 150 organisation at multiple manufacturing facilities in North America and Asia. The scope included physical compromise, external and internal penetration testing, and wireless assessment for both the IT/Business and Industrial Control System (ICS) environments. The Leidos Team brought awareness to numerous vulnerabilities that could allow an attacker to compromise various systems and networks, and provided an actionable set of recommendations for improving cybersecurity posture and reducing risk.

USA Utility Company

The Leidos Team performed a comprehensive assessment and testing of data flow from smart meters through AMI head end applications to identify vulnerabilities which could be leveraged to create a business disruption, compromise sensitive data, or breach the client perimeter of a North American Utility Company. Activities included:

  • Network discovery / Port and Service Identification
  • Network sniffing
  • Hardware hacking
  • Password cracking, Vulnerability scanning & analysis
  • Wireless/RF scanning
  • Penetration Testing and Exploitation

The Leidos Team brought awareness to numerous vulnerabilities that could allow an attacker to compromise AMI systems, and provided an actionable set of recommendations for improving the AMI cybersecurity posture and reducing risk. Findings were categorized by risk level based on NIST guidelines and Leidos experience.

Red-Blue Collaboration

Working collaboratively with the client, we identified a set of testing objectives and prioritised them based on business impact. An example of a test objective is “compromise two-factor authentication infrastructure.” The testing team then carefully worked to achieve each objective, taking on the persona of a motivated attacker.

Before beginning the test, both parties agreed upon the “Rules of Engagement”—a mutually defined document designed to clarify expectations and prevent impacts to daily operations. Over the next year, we conducted a holistic evaluation of the company’s security strategy, people, process, and technology and offered recommendations to strengthen its cybersecurity program. Under Leidos’ guidance, the client doubled the size of its response team, updated critical systems, and initiated new capabilities to provide needed visibility to the response team. Today, the company is protected by a 24x7 security operations team, a comprehensive cybersecurity strategy, and new technologies to help them thwart attacks. Leidos continues to conduct annual penetration tests auditing the client’s systems and providing feedback for continued improvements. During the most recent test, it took engineers several days to penetrate the client’s network, but when they did, the client’s security team was immediately aware of the intrusion.

Contact our cybersecurity team for more information on how a Penetration Test could benefit your current cyber program.


Lee has been dealing in Commercial Cyber since the age of 14, selling password reset floppies on eBay. It took another 4 years before a server of his was hacked, which led to an active interest in offensive security itself. Lee has been working in the sector professionally since 2011, largely as a Penetration Tester but occasionally as a consultant when wanting a break. Lee currently leads the Leidos Cyber Penetration Testing solution, delivering penetration tests throughout EMEA with a team sourced internationally.