© 2020 Content Security Pty Ltd.
Red Teaming delivers an adversary simulation service that recreates actual attack scenarios on available, and exposed attack surfaces. Ultimately, it tests your Blue Team’s ability to detect and respond to attacks, assessing if they’re responding to breaches in an appropriate manner.
Our team emulates actual, stealthy attackers, providing you with a more realistic picture of the risks posed to your assets. The scope of a red team engagement is limitless in nature, meaning we’ll use any means necessary to achieve the defined goals, using tactics such as social engineering, phishing, physical intrusion and deploying custom malware.
In fact, 98% of red teaming engagements lead to more targeted increases in security investments
Traditional penetration testing can be limited due to time and scope constraints, leading to a noisy attack that your blue team is aware of. Usually, your organisation will whitelist our IPs so the test can be performed unhindered. As a result this does not really test your systems against an attack.
Unlike penetration testing, red teaming campaigns are rigorous assessments of your detection and response capabilities. The key difference here is that multiple people are tasked with testing the entirety of your security defences, while your security team attempts to detect and combat these.
A majority of the time your blue team is unaware of the red team engagement, meaning they are acting as if under a real-world attack. This encourages our team to be for more careful and secretive, thus requiring extensive reconnaissance.
First, we set out to determine the ground rules for the assessment. You may have specific goals your organisation would like to achieve, however, we can always assist in planning your objectives.
Second, the red team will perform recon. This involves collecting as much information as possible about the target (your business) prior to the campaign. Recon provides us with a map of the target assets, further enabling us to test without being detected.
Following the recon stage, our team will have gathered a large amount of information on both your digital and physical defences. Usually, the team will identify several attack avenues in order to maximise the probability of success and keep detection at a minimum.
After identifying a weakness, the team attempts to exploit it and bypass your organisation’s defences. This stage varies from one engagement to the next, but may include social engineering against your employees, USB drops or bypassing your physical defences.
Once we gain access, our primary goal is to ensure access continues. Therefore, in this stage we expand and deepen our foothold on the target network, establishing persistence to ensure the success of our assessment.
By now, the team is well-positioned to execute the agreed upon attack objective – this may be exfiltration of intellectual property, breaching onsite security or gaining access to server rooms.
After the red team is finished, we provide a detailed overview of their actions, as well as key findings and vulnerabilities. In addition, we detail the likely risks posed to your organisation, demonstrating the potential business impacts of these risks and prioritised recommendations for remediation.
Our team are seasoned, experienced and business-minded security consultants with an average of 10 years experience. We’ve conducted hundreds of red team exercises for clients across state and local government, health, finance and non-profit organisations.
Each member of our team brandishes a myriad of industry qualifications, thereby upholding the highest standards of ethical and professional conduct.