Red Team Assessment

See how your people, processes, and technology stand up against an adversary who is committed to compromising your environment through any means necessary over a prolonged period of time.
Are you ready fora Red Team Assessment?

Ready for a Red Team Assessment?

If you’re wondering “Is it possible for an attacker to [insert threat here],” a red team assessment will give you the answer. While a purple team engagement is used to evaluate and bolster your blue team, a red team engagement is the final exam for your blue team. Organizations that are ready for a red team assessment have an established blue team and experience with penetration tests as well as phishing, vishing, wireless, and physical testing. Your defenses are ready for the ultimate test.

Get in Touch

Our Approach

This engagement is executed against your entire attack surface. Our team (the red team) conducts reconnaissance, builds attack plans, and executes multi-vector attacks to achieve the established objective. This is a covert test, unknown to your team. 

Phase 1

Our team gathers open-source intelligence (OSINT) to identify a list of targets, including domains, networks, and websites. They review job postings, social media, blogs, public documents, and observe your physical locations and wireless networks.

  • Rules of engagement
  • Recon work
  • List of targets

Phase 2

The red team plans its attacks based on the established assessment objectives and the intel gathered during reconnaissance. Attack plans are provided to client leadership (the white team) before execution. Once approved, attacks are executed.

  • Selected targets
  • Attack plans
  • Attack execution

Phase 3

Once our team gains a foothold within your environment, they begin maneuvering toward the objectives. They leverage your tools and silently target and exploit systems as they advance toward the objective, making every effort to go undetected by your team. Once they achieve the objective, the assessment ends.

  • Environment compromise
  • System exploitation
  • Objective achieved

Phase 4

Our team delivers a detailed report to the white team that includes all attack plans, activities, and observations. It also provides a statement on the overall security posture of your organization and suggested remediation efforts.

  • Engagement observations
  • Statement on security posture
  • Remediation recommendations
Red Purple Team Guide
White Paper

A Guide to Red and Purple Teams

Red team and purple team assessments let you simulate the impact of a specific threat on your organization, putting your people, processes, and technologies through the rigors of an attack. In this guide, our security experts define the roles involved in these types of assessments, the strategies behind them, and their benefits.

Download

Different from the Rest

At Focal Point, we take a different approach to managing cyber risk.

Tailored Objectives

We focus on the specific areas you want to evaluate and build objectives that put your defenses in these areas to the test. Our assessments are tailored to your unique needs.

Real-world Scenarios

We want to focus on the risks your company is actually facing. If you have a known threat actor posing a risk to your organization, we will build attack strategies that imitate this threat.

Wide Experience

Our team is skilled in all types of tests. Using this expertise, we link weaknesses together from across an entire attack surface to demonstrate tactics of a dedicated attacker.
Let's chat.

Ready to Get Started?

Focal Point is excited to take on your biggest data risk challenges. If you'd like to speak to a Focal Point expert or inquire about our services, please fill out the following form.

Related Content

Recommended reading for those looking to explore the world of penetration testing.
MFA Blog Post
Blog

The MFA Vulnerability You May Be Missing

Ok, now that you've patched your Windows hosts and blocked RDP access externally (right?), we can finally get to the point of this article: bypassing multi-factor authentication (MFA) and gaining access to...
Learn More
Password Cracking Blog
Blog

A Beginner's Guide to Password Cracking

The Focal Point Attack & Penetration team performs many internal penetration tests that culminate in a compromise of Windows Active Directory domains and access to the password hashes of all domain users. Like...
Learn More
Free Tool for Finding Malicious JavaScript
Blog

A New Tool for Finding Malicious JavaScript

Why compromise just one website when you can compromise a whole bunch of them all at once? I'm sure that's what attackers were thinking in 2018 as they compromised content delivery networks (CDNs) and used...
Learn More