Red Team Testing focuses on identifying potential damage to your organization that a determined, directed attacker could accomplish. Our services serve as a tool to train your security team on identifying real indicators of an active attack. Red Team Testing is a concept that derives its name from military jargon. Security experts with extensive training work with you to identify your goals and to test how prepared you would be if threat actors decided to target your organization.
Testers gather information for their tests using Open Source Intelligence, searching the internet for publicly available and personal employee information to plan their attacks on your organization the same way a threat actor would. Next, your target data is collected and analyzed for potential technical, physical and social vulnerabilities. Exploits are then selectively executed to gain more information about, and control of, your target assets.
Compromised systems are used to establish persistence on your network and to begin a new round of data collection within your environment. Information and access gained in early cycles are used to move the attacker closer to their objectives. Traditional testing delivers a comprehensive review of all vulnerabilities and technical risks. During Red Team testing, by contrast, we work with your organization to establish testing objectives (sometimes called trophies): specific, high-value systems or data that are the same business-impacting goals that advanced threat actors aim to achieve. The output from this testing will help your organization prioritize where to focus security efforts.
Red Team testing begins with identifying the primary goals that may include:
A critical component of the engagement is to clearly establish and agree to the rules of engagement (ROE). During our initial scheduling and kickoff sessions, the rules of engagement for the testing are established.
We will identify physical and logical entry points that can be exploited to gain access to buildings, facilities, and assets. The vulnerabilities could be used as a pivot point into more sensitive areas or endpoint access to networks.
We will interrogate available network services to determine additional information about your network that could lead to compromise.
We will use information from "open network services enumeration" to attempt compromise of your network services.
We will attempt to identify compromise vectors for wider network or domain infrastructure. Techniques used in this phase show the potential of initial compromise.