By conducting a red team test, we have the ability to simulate a real attack that will test your threat detection capabilities and train your Blue Team to refine your defensive response.
The procedures used during red team engagements closely mirror real attacks. We are required to penetrate your systems undetected in order to uncover weaknesses in the overall security of your organization. The scope of such engagements is generally broader than that of a penetration test, because methods are employed that a penetration test does not normally include.
Your organization invests in all types of security measures to keep it safe from external attackers; however, these measures are rarely tested and are most likely vulnerable to very simple attacks that require very little investment from the perspective of an attacker.
The use of custom-made malware, physically accessing your organization's site under false pretenses and impersonating other people during phone conversations are a few examples of the methods that we may employ during a red team engagement.
A red team engagement is not only a test of the security measures employed by your organization, but also a good training exercise for your Blue Team. After the red team engagement concludes, we conduct a professional exchange with your Blue Team in order to make sure that during the next engagement our job will be much harder.
Different Goals in Red Teaming
During classic red team engagements, we aim to achieve a specific objective that was agreed upon before the test begins. This objective can range from taking over a domain controller or stealing a particular file from an internal network to gaining access to internal emails, among many other possibilities. Our attacks take place while your Blue Team tries to detect and neutralize our attempts.
In many cases a full red team engagement is not practical. If, for example, there is no Blue Team, it makes little sense to test whether our attacks can be detected. In such cases, we discuss the goals and procedures beforehand in order to obtain the optimal result from these simulations. In other cases, it can be advantageous to focus on specific scenarios, for example one based on the assumption that an employee is already compromised. This is sometimes considered a red team test with different starting conditions and can save time.
There are many variations in planning and design, which have resulted in further definitions and team colors: Purple Teams, White Teams, Orange Teams as well as Yellow and Green Teams exist. Since the terminology is not yet firmly defined, new terms and buzzwords keep appearing; in practice, however, the differences are mostly about procedures and are discussed in the scoping stage.
We are constantly experiencing the positive effects of the good interaction between the Red and Blue Teams. Ultimately, it is all about long-term learning and improvement of the Blue Team's capabilities.
Real phishing attacks are very widespread due to the fact that, despite the high level of awareness, they are still successful enough. Experience shows that sensitizing employees to these attacks can significantly reduce their success rates.
We offer phishing attack simulations in an adjusted form in which no personal data is recorded. These simulated attacks offer an assessment of the current threat situation (e.g. how many employees follow the link in the phishing email), but more importantly, they greatly increase the awareness and detection capabilities of the employees. We generally observe that the success rate of these attacks drops significantly in follow-up tests.
As part of Red Teaming, we occasionally use this proven attack method. However, this is only one method out of many others that we will conduct during a red team engagement.
During Red Teaming engagements, we generally also try to obtain or access information through social engineering techniques. This type of attack usually requires creativity and an appropriate demeanor. In practice, there are often spontaneous situations that require improvisation.