About us:
Skill Quotient Technologies is a global leader in delivering transformative IT solutions, committed to empowering businesses in the digital era since its inception in 2016. Specializing in Cloud Services & Management, Cyber Security, Applications Development, Enterprise Solutions, Process Automation, Data Engineering, Software Testing, Staff Augmentation, and Project and Product Management, Skill Quotient provides cutting-edge services tailored to meet diverse industry needs. Its dedicated cybersecurity division, SecurePlex, has achieved prestigious recognition, including being named Cyber Security Company of the Year 2025 by the Malaysia Cyber Security Awards. With a global presence across the USA, Saudi Arabia, Malaysia, Singapore, UAE, and India, Skill Quotient emphasizes quality, security, and innovation, underscored by ISO 27001:2013, CREST, and CMMI-DEV ML 3 certifications.

1. Scope and Objectives
Scope includes:
IT systems, cloud platforms (Azure, AWS, GCP), OT/ICS infrastructure (PLCs, RTUs, SCADA), and enterprise networks.
Constraints: Non-disruptive, non-destructive testing unless pre-approved.

Objective:
To test the client’s ability to detect, respond to, and recover from real-world attacks, aligned with business risk and critical operations.

2. Engagement Activities
1.1 Red Team Operations
Red Team simulation in IT & OT environments:
– Scenario-based adversary emulation aligned with MITRE ATT&CK (Enterprise & ICS)
– Exploitation of vulnerabilities in areas that include, but are not limited to:
  – Active Directory
  – Industrial Protocols (Modbus, DNP3, OPC UA)
  – Cloud infrastructure
  – Human elements (phishing, social engineering)

1.2 Payload Development
– Develop and test custom payloads and exploits tailored to the client’s landscape
– Validate in lab environments prior to deployment
– Evasion tested against Microsoft Sentinel, Defender, and EDR solutions

1.3 Advanced Attack Techniques
– Lateral movement, privilege escalation, data exfiltration simulation
– OT-specific attacks: protocol fuzzing, firmware analysis, ICS/SCADA manipulation
– Optional: RF attacks, SDR, Zigbee, RFID (if within scope)

2. Purple Team Collaboration
– Collaborate with Blue Team, SOC, IR for live tuning during the engagement
– Perform purple teaming sessions to:
  – Improve SIEM detection rules
  – Enhance behavioral analytics
  – Validate containment procedures

3. Reporting, Documentation, and Remediation Coordination
3.1 Documentation Requirements
To provide comprehensive documentation, including:
• Rules of Engagement (RoE) – Agreed scope, attack timelines, escalation path
• Red Team Report – Technical – Detailed breakdown of attack chains, payloads used, tools, timelines, detection status
• Red Team Report – Executive – Business impact, risk ratings, non-technical summary of gaps and recommendations
• Attack Kill Chain Timeline – Visual attack chain per MITRE stages: Initial Access → C2 → Lateral Movement → Exfiltration
• ICS Security Assessment Summary – Specific findings related to OT/ICS vulnerabilities and risks
• Payload & Artifact Log – Documented behavior, purpose, IOCs, and testing notes of all deployed payloads
• Lessons Learned – Breakdown of detection failures, process weaknesses, and people/process gaps
• Remediation Guidance – Actionable, prioritized recommendations aligned to severity and root cause

3.2 Ticketing System Registration
• All confirmed findings must be logged into the client’s ticketing/tracking system (e.g. ServiceNow or equivalent) under the correct severity category.
• Tickets shall include:
– Vulnerability description
– Evidence (e.g., screenshots, logs)
– MITRE technique mapping
– Impact level and affected asset
– Assigned resolver group and due date

3.3 Stakeholder Engagement & Remediation Coordination
• Conduct walkthrough sessions with the relevant client teams:
– Blue Team
– System owners (IT/OT)
– Security Engineering
– Application/Cloud owners
• Facilitate remediation planning discussions to:
– Align on mitigation timelines
– Define temporary controls (if applicable)
– Determine test-of-effectiveness approach
• Provide support during the remediation phase by clarifying:
– Attack vectors
– Exploit dependencies
– Detection gaps and misconfigurations

3.4 Post-Engagement Follow-Up
• Retest critical and high-severity findings (1 round included)
• Provide a retest confirmation report for closed findings
• Conduct final debrief workshop to review:
– Remediation progress
– Lessons learned
– Suggested roadmap for maturity uplift

4. Tools and Frameworks (including but not limited to)
Category – Sample Tools
• C2 / Payloads – Cobalt Strike, Mythic, Sliver
• Recon & OSINT – SpiderFoot, Shodan, Maltego
• OT/ICS – Modbus Fuzzer, PLCScan, ICSim
• AD Exploitation – Mimikatz, Rubeus, BloodHound
• Cloud – ScoutSuite, Pacu, AzureHound
• Obfuscation – PEzor, Donut, Shellter
• Ticketing – Integrated into the client’s ServiceNow (or equivalent)

5. Security, Legal & Ethical Requirements
All activities must comply with:
• Client’s cybersecurity policy
• Local laws and industry-specific regulations
• IEC 62443, ISA/IEC 62443, NIST 800-82, NERC CIP
• Confidentiality is mandatory: no screenshots, logs, or payloads may leave the client’s control without prior written consent.

1. Minimum 5+ years of hands-on experience in Red Teaming, penetration testing, or offensive security.
2. Expertise in using offensive security tools such as Cobalt Strike, Metasploit, Empire, BloodHound, Mimikatz, Burp Suite, and others.
3. In-depth knowledge of ICS/SCADA systems, industrial control networks, and Operational Technology (OT) security.
4. Proven experience with Active Directory attacks, cloud security, and advanced lateral movement techniques.
5. Skilled at bypassing firewalls, EDR (Endpoint Detection and Response), SIEM systems, and network anomaly detection.
6. Proficiency in programming and scripting languages including Python, PowerShell, Bash, and C/C++ for exploit development and automation.
7. Familiarity with key industrial communication protocols such as Modbus, DNP3, BACnet, OPC UA, Profinet, and others.
8. Understanding of RF (Radio Frequency) security, hardware security, embedded device security, and firmware analysis techniques.

Additional Experience:
1. Proven experience in critical infrastructure industries such as energy, oil and gas, or similar sectors.
2. Skilled in creating custom exploits, malware, and advanced evasion techniques.
3. Knowledge of ICS/OT honeypots and the application of deception technologies for threat detection.
4. Hands-on experience conducting Red Team exercises in air-gapped or highly secure environments.

Certifications:
Advanced Red Team Certifications:
1. OSCP (Offensive Security Certified Professional)
2. OSCE (Offensive Security Certified Expert)
3. OSEP (Offensive Security Experienced Penetration Tester)
4. CRTE (Certified Red Team Expert)
5. CRTO (Certified Red Team Operator)
6. GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

OT-Specific Security Certifications:
1. GIAC GRID (Global Industrial CyberSecurity Professional)
2. GIAC GICSP (Global Industrial CyberSecurity Professional)
3. IEC 62443 (Industrial Automation and Control System Security)

General Security Certifications:
1. CISSP (Certified Information Systems Security Professional)
2. CEH (Certified Ethical Hacker)

Job Category: Cybersecurity
Job Type: Contract
Job Location: Malaysia
Experience Level: Senior
