What is a Red Team Exercise?
Test the overall strength of your defences, technology, people and processes, by simulating the objectives and actions of a cyber attacker.
Penetration testing is a valuable part of your cyber security mix, however, Red Team exercises go a step further. Our exercises can take in the full spectrum of organisation policies, processes, and technology defences.
Significantly more sophisticated than our standard penetration test, our cyber attack simulation accurately mimics advanced, covert, multi-phase attacks, which occur in the real-world.
After agreeing specific targets, our industry-leading ethical hacking team execute a program for achieving the
compromise, which could include elements from a full scope of blended attacks, selected to give the best chance of a successful outcome.
Our Approach to Red Teaming
Once the targets and scope have been agreed, the service may include: –
• Open Source Intelligence (OSINT) gathering
• Building, organisation, network, physical controls and system reconnaissance
• Manual testing using malicious actor’s Tactics, Techniques and Procedures
• Attempted physical breach of the organisation’s premises
• Human targeting through social engineering
• Hardware vulnerability exploitation
• Wi-Fi network intrusion
• Signal vulnerability exploitation e.g RFID door-pass cloning
• Business application exploitation
• 0-Day hunting and exploit development when needed
• Attempted full breach
• Establish post-exploitation persistence
• Pivoting using compromised hosts for lateral movement through the network
• Data insertion and exfiltration
• Detailed report containing: Results of reconnaissance, attack vectors chosen, attack methods, attack payloads used, attack results, short term mitigations, long term mitigations
• Improve Your Security Posture: go beyond typical pen testing and vulnerability scanning, to gain a deeper understanding of your likely attack vectors.
• Verify your security controls: Tests are conducted against infrastructure and employees, revealing the organisation’s ability to detect and respond to attacks
• Prioritise your risks: Understanding what the most critical security issues are helps you to prioritise and focus your remediation efforts
• Reduce your attack risk : Modelling our exercise on real hacker behaviours provides greater visibility into
your organisation’s weaknesses
• Bespoke approach: Our ethical hackers identify the “crown jewels” specific to your organisation.
• Achieve greater defensive agility: Use the outcomes to reduce the probability of a successful attack
We’re proud of our Red Team, which is made up of some of the brightest sparks in the industry. Our technical ability combined with our associate social engineering and deep understanding of the techniques used by cyber criminals, allows us to deliver a fully rounded and valuable service.
The assessment is documented in a simple, easily digestible, format.