Red Team Testing

Red Team Testing focuses on identifying potential damage to your organization that a determined, directed attacker could accomplish. Our services serve as a tool to train your security team on identifying real indicators of an active attack.  Red Team Testing is a concept that derives its name from military jargon. Security experts with extensive training work with you to identify your goals to test your preparedness if threat actors decided to target your organization. 

Testers gather information for their tests using Open Source Intelligence by searching the internet for publicly available and personal employee information to plan their attacks on your organization the same way a threat actor would. Next begins the collection of your target data, which is analyzed for potential technical, physical and social vulnerabilities. Exploits are then selectively executed to gather more information and control of your target assets.

Compromised systems are used to establish persistence on your network, and to begin a new round of data collection within your environment. Information and access gained in early cycles used to move the attacker closer to their objectives. As opposed to traditional testing, which delivers a comprehensive review of all vulnerabilities and technical risks, during Red Team testing, we work with your organization to establish testing objectives (sometimes called trophies): specific, high-value systems or data that are the same business-impacting goals that advanced threat actors aim to achieve. The output from this testing will help your organization prioritize where to focus security efforts.

The Red Team Testing Process

Red Team testing begins with identifying the primary goals that may include:

  • Extracting or inserting sensitive, business-critical data.
  • Attempting persistent access to try and compromise your devices.
  • Identifying whether it is possible to inflict reputation damage through website defacement or exposing your client data.


A critical component of the engagement is to clearly establish and agree to the rules of engagement (ROE). During our initial scheduling and kickoff sessions, the rules of engagement for the testing are established. 

Physical Access Enumeration

We will identify physical and logical entry points that can be exploited to gain access to buildings, facilities, and assets. The vulnerabilities could be used as a pivot point into more sensitive areas or endpoint access to networks.

Open Network Services Enumeration

We will interrogate available network services to determine additional information about your network that could lead to compromise. 

Open Network Services Exploitation

We will use information from "open network services enumeration" to attempt compromise of your network services. 

Post Exploitation and Lateral Movement

We will attempt to identify compromise vectors for wider network or domain infrastructure. Techniques used in this phase show the potential of initial compromise.

Get a Quote


"David has impressed me with his ability to maintain a high degree of security knowledge in a field that is constantly changing."
-Timothy M. Opsitnick
" In particular, he provided the core capability we needed to execute a recent cybersecurity assessment for the U.S. Department of Energy (DOE)."
-Ranson J. Ricks
Indianapolis, Indiana
"His record of corporate successes in a highly competitive cybersecurity environment speaks for itself."
-Carlos Fernandes
Purcellville, Virginia