CREST-led threat-actor emulation aligned to BNM RMiT paragraph 10.49, iCAST and TIBER-EU. We replicate the adversaries actually targeting Malaysian banks — and prove your detection works.
Intelligence-led penetration testing (also called threat-led penetration testing, or TLPT) is a controlled red-team exercise where testers emulate the tactics, techniques and procedures (TTPs) of real threat actors known to target the institution's sector. Unlike a standard scoped pentest, the exercise begins with bespoke cyber threat intelligence (CTI) on adversaries — ransomware affiliates, state-aligned groups, or financially motivated APTs — and uses that intelligence to drive a realistic, end-to-end attack simulation across people, processes and technology.
For Malaysian financial institutions, this is the highest-assurance test available. It is the methodology referenced in BNM's RMiT Policy Document at paragraph 10.49 and is the local equivalent of HKMA's iCAST, ECB's TIBER-EU, MAS's AASE and the Bank of England's CBEST.
BNM's Risk Management in Technology (RMiT) policy document is the binding regulatory standard for all licensed financial institutions in Malaysia. Paragraph 10.49 requires FIs to “conduct penetration testing on its critical systems using intelligence-led techniques that emulate the tactics, techniques and procedures of relevant threat actors”. This goes beyond vulnerability assessment or compliance scoping — it is an executive-level assurance that your investment in controls actually withstands adversary pressure.
Examiners look for evidence the test was independent, threat-intelligence driven, covered the full attack chain (initial access through objectives), and produced actionable improvements to detection and response. nCrypt structures every engagement to produce that evidence pack from day one.
Joint scoping with the white team (typically CISO + Head of Risk). Crown jewels identified, rules of engagement signed, BNM/regulator notification protocol agreed. No blue-team awareness.
Bespoke CTI report on adversaries targeting Malaysian FSI: ransomware affiliates, regional APTs, e-wallet fraud rings. We build attack scenarios from real, recent campaigns — not generic playbooks.
Multi-week, full-kill-chain operation: reconnaissance, weaponisation, delivery, initial access, privilege escalation, lateral movement, objective. Mapped to MITRE ATT&CK throughout.
Controlled replay of every TTP with your blue team and SOC. We measure what was detected, what was missed, MTTD/MTTR and the specific log sources and rules needed to close gaps.
Technical report, executive summary, remediation roadmap, BNM examiner pack. We present to the board risk committee and stay available for regulator Q&A for 90 days.
Bank Negara Malaysia's RMiT Policy Document, paragraph 10.49, requires financial institutions to conduct intelligence-led penetration testing using realistic threat scenarios and tactics that mirror real-world adversaries. While the specific cadence is risk-based, BNM expects systemically important FIs to perform such exercises periodically, with scope and methodology proportionate to threat exposure.
Standard pentests assess a defined scope (an app, network segment, or environment) against a known checklist. Intelligence-led tests start with cyber threat intelligence on adversaries actually targeting your sector, then emulate their full TTPs (initial access through objectives) across people, process and technology with no advance notice to the blue team — much closer to an actual breach scenario.
RMiT does not prescribe a fixed interval, but expects frequency to reflect the institution's threat profile, criticality and changes to its technology landscape. In practice, large Malaysian banks run a full intelligence-led exercise every 18-24 months, with scoped red team simulations annually and after major architecture changes.
BNM expects testers to hold recognised credentials such as CREST STAR, CBEST or equivalent, with team leads carrying OSCP, OSCE or CREST CCT. The provider must be independent of the FI's IT operations, demonstrate threat-intelligence capability, and operate under a strict legal authorisation and data-handling framework. nCrypt is a CREST member firm with STAR-aligned methodology.
Deliverables typically include: a threat-intelligence briefing report, attack narrative mapped to MITRE ATT&CK, detailed findings with CVSS and business-impact ratings, evidence pack, detection-and-response gap analysis (purple team handover), executive board-ready summary, and a 90-day remediation roadmap. We also support BNM examiner Q&A and audit-trail packaging.
Scoping calls take 30 minutes. We can run a full RMiT 10.49 intelligence-led exercise in 8-12 weeks from kickoff.