If you’re wondering “Is it possible for an attacker to [insert threat here],” a red team assessment will give you the answer. While a purple team engagement is used to evaluate and bolster your blue team, a red team engagement is the final exam for your blue team. Organizations that are ready for a red team assessment have an established blue team and experience with penetration tests as well as phishing, vishing, wireless, and physical testing. Your defenses are ready for the ultimate test.
This engagement is executed against your entire attack surface. Our team (the red team) conducts reconnaissance, builds attack plans, and executes multi-vector attacks to achieve the established objective. This is a covert test, unknown to your team.
Our team gathers open-source intelligence (OSINT) to identify a list of targets, including domains, networks, and websites. They review job postings, social media, blogs, public documents, and observe your physical locations and wireless networks.
The red team plans its attacks based on the established assessment objectives and the intel gathered during reconnaissance. Attack plans are provided to client leadership (the white team) before execution. Once approved, attacks are executed.
Once our team gains a foothold within your environment, they begin maneuvering toward the objectives. They leverage your tools and silently target and exploit systems as they advance toward the objective, making every effort to go undetected by your team. Once they achieve the objective, the assessment ends.
Our team delivers a detailed report to the white team that includes all attack plans, activities, and observations. It also provides a statement on the overall security posture of your organization and suggested remediation efforts.