Red team exercise

Our red team exercise tests the true strength of your defences, technology, people and processes by simulating the actions of a cyber attacker.

Penetration testing is a valuable part of your cyber security defences, however, a red team exercise goes a step further. Our exercises can test the full spectrum of organisation policies, processes, and technology defences.

Significantly more sophisticated than penetration testing, our cyber attack simulation accurately mimics advanced, covert, multi-phase attacks which occur in the real world.

After agreeing on specific targets, our ethical hacking team execute a program for achieving the compromise, which can include elements from a full scope of blended attacks, selected to give the best chance of a successful outcome.

Technical elements

Once the targets and scope have been agreed upon, the service can include:-

  • Open Source Intelligence (OSINT) gathering.
  • Building, organisation, network, physical controls and system reconnaissance.
  • Manual testing using the tactics, techniques and processes of a malicious actor.
  • Attempted physical breach of the organisation’s premises.
  • Human targeting through social engineering.
  • Hardware vulnerability exploitation.
  • Wi-Fi network intrusion.
  • Signal vulnerability exploitation e.g. RFID door-pass cloning.
  • Business application exploitation.
  • Zero-day hunting and exploit development.
  • Pivoting using compromised hosts for lateral movement through the network.
  • Data insertion and exfiltration.
  • Establish post-exploitation persistence.

Typical outputs include results of reconnaissance, attack vectors chosen, attack methods, attack payloads used, attack results, short and long-term mitigations, plus remediation.

Red team exercise overview

  • Improve your security posture: Go beyond typical pen testing to gain a deeper understanding of your likely attack vectors.
  • Verify your security controls: Tests are against technology and employees, revealing your ability to detect and respond to attacks.
  • Prioritise your risks: Understanding the most critical security issues to prioritise your remediation efforts.
  • Reduce your risk: Modelling our exercise on real hacker behaviours provides greater visibility into your organisation’s weaknesses.
  • Achieve greater defensive agility: Use the outcomes to reduce the probability of a successful attack.

We’re proud of our red team, which is made up of some of the most qualified people in the industry.

Our technical ability combined with our deep understanding of the techniques used by cyber criminals allows us to deliver a valuable service to protect you and your organisation.

Discover how we’ve helped leading organisations

RECENT UPDATES

TIPS

Is bringing your own device to work a bad idea?

As ‘Bring Your Own Device’ or BYOD rises in popularity, with more than two-thirds of us using a personal device at work, it’s important for businesses to understand the security risk that this can pose.

TIPS

What is attack path management?

In a world where identities are the new security perimeter, compromising identity platforms like AD and AAD provides the greatest payoff for attackers, ultimately giving them control of all users, systems and data within the organisation.

TIPS

.ZIP domain registration: A risky gateway to nefarious outcomes

In the ever-evolving world of cybersecurity, understanding emerging threats is critical to maintaining a robust defence. One trend currently attracting attention is the registration of .ZIP domains.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

info@cognisys.co.uk
Leeds office

5 Park Place
Leeds
LS1 2RU

info@cognisys.co.uk
Manchester office

The Sharp Project
Thorpe Road
Manchester
M40 5BJ

LET’S TALK