CREST Approved Red Team Services

Our CREST-accredited team simulates a full-scale, realistic cyberattack tailored to your objectives, targeting your organization's technology, people, and processes to test overall resilience, detection, and incident response capabilities against real-world threats.


How is Red Teaming Different From Penetration Testing?

Penetration testing measures the breadth of exploitable vulnerabilities in a defined system and is normally announced to the teams that run it. Red teaming is objective-driven and usually covert: it measures how well the organisation recognises, resists, and recovers from a targeted threat working toward agreed goals, so the result is a verdict on detection and response, not just a list of findings.

What Kind Of Objectives?

Every successful red team exercise begins with meticulous planning. In this initial phase, the scope and objectives (or attack scenarios) of the engagement are defined, and the rules of engagement (ROE) are agreed upon.

Some examples of attack scenarios include:

Attack on Internet-Facing Services/Devices 

This refers to attempts to compromise your systems, applications, or devices that are directly accessible from the internet. Malicious actors commonly use this attack vector to disrupt an organisation’s services or attempt a direct breach.

Supply Chain Attack

A sophisticated attack vector in which we target a trusted third party that your organisation depends on, such as a vendor, a managed service provider, or a software component, and use its access or its delivery channel to reach your environment. Malicious actors commonly use this attack vector to extract sensitive data and disrupt operations.

Malware Delivery or Credential Theft via Phishing

In a phishing simulation, we send deceptive communications to employees with the goal of manipulating them into performing an action or disclosing sensitive information. Malicious actors commonly use this attack vector to deliver malware into IT systems or gain unauthorised access to privileged accounts.

Compromised SSO Account

With a user's SSO credentials (or a hijacked SSO session), we can reach every application and service federated to that identity with a single login. This scenario evaluates how well the organisation can detect misuse of SSO access and protect high-privilege accounts whose compromise would lead to widespread impact.
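The detection side of this scenario, as an added example that is not part of this page or the provider's tooling: a small Python scan over a constructed identity-provider audit log. It baselines each user's known source IPs and how many distinct applications they normally reach within an hour, then flags a session that fans out across far more applications than usual, or that reaches a privileged application from a never-seen IP. The log format, the user, application and IP values, and the privileged-application list are all assumptions made for the example.

```python
"""
Added example (not the provider's tooling): spotting misuse of a compromised
SSO account in identity-provider audit logs.

One SSO credential reaches every federated application, so an attacker using
it tends to differ from the real user in two cheap ways: the session fans out
to far more distinct applications in a short window than the user's baseline,
or it arrives from a source IP never seen for that user and then touches a
privileged application. Log format, users, apps and IPs are constructed here.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "time user ip app")
Baseline = namedtuple("Baseline", "ips max_apps")
Alert = namedtuple("Alert", "user ip reasons")

# Assumed: applications whose misuse yields broad control of the estate.
PRIVILEGED_APPS = {"aws-console-admin", "okta-admin", "hr-payroll"}

# Constructed audit log: time, user, source IP, application, result.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z alice 203.0.113.10 email success
2024-03-01T08:05:40Z alice 203.0.113.10 wiki success
2024-03-01T13:20:03Z alice 203.0.113.10 jira success
2024-03-02T08:10:22Z alice 203.0.113.10 email success
2024-03-02T09:44:51Z alice 203.0.113.10 wiki success
2024-03-03T08:01:09Z alice 203.0.113.11 email success
2024-03-04T08:00:00Z bob 198.51.100.7 email success
2024-03-04T08:30:00Z bob 198.51.100.7 gitlab success
2024-03-05T22:14:02Z alice 192.0.2.55 email success
2024-03-05T22:15:10Z alice 192.0.2.55 wiki success
2024-03-05T22:15:48Z alice 192.0.2.55 jira success
2024-03-05T22:16:30Z alice 192.0.2.55 gitlab success
2024-03-05T22:18:02Z alice 192.0.2.55 sharepoint success
2024-03-05T22:21:45Z alice 192.0.2.55 aws-console-admin success
2024-03-05T23:00:00Z bob 198.51.100.7 jira success
"""

# Events before this point are treated as each user's normal behaviour.
BASELINE_END = datetime(2024, 3, 5)


def parse(log_text):
    """Parse the constructed log into time-sorted successful sign-ins."""
    events = []
    for line in log_text.strip().splitlines():
        ts, user, ip, app, result = line.split()
        if result != "success":  # failed sign-ins are a separate signal, not covered here
            continue
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, app))
    return sorted(events, key=lambda e: e.time)


def max_fan_out(events, window):
    """Most distinct applications reached inside any `window` starting at an event."""
    best = 0
    for i, start in enumerate(events):
        apps = {e.app for e in events[i:] if e.time - start.time <= window}
        best = max(best, len(apps))
    return best


def build_baseline(events, baseline_end, window):
    """Known source IPs and normal per-window fan-out for each user."""
    by_user = defaultdict(list)
    for e in events:
        if e.time < baseline_end:
            by_user[e.user].append(e)
    return {u: Baseline({e.ip for e in evs}, max_fan_out(evs, window))
            for u, evs in by_user.items()}


def detect(log_text, baseline_end=BASELINE_END, window=timedelta(hours=1)):
    """Return one Alert per (user, source IP) whose recent activity breaks the baseline."""
    events = parse(log_text)
    baseline = build_baseline(events, baseline_end, window)
    recent = defaultdict(list)
    for e in events:
        if e.time >= baseline_end:
            recent[(e.user, e.ip)].append(e)

    alerts = []
    for (user, ip), evs in recent.items():
        base = baseline.get(user, Baseline(set(), 0))
        reasons = []
        fan_out = max_fan_out(evs, window)
        # Slack over the baseline so an unusually busy hour does not page anyone.
        if fan_out > max(2 * base.max_apps, base.max_apps + 2):
            reasons.append(f"{fan_out} distinct apps within {window} (baseline {base.max_apps})")
        privileged = sorted({e.app for e in evs} & PRIVILEGED_APPS)
        if ip not in base.ips and privileged:
            reasons.append(f"privileged app(s) {privileged} from never-seen IP")
        if reasons:
            alerts.append(Alert(user, ip, reasons))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"ALERT {a.user} from {a.ip}: " + "; ".join(a.reasons))
```

On the constructed log, alice's late-evening burst from 192.0.2.55 raises both reasons (six applications in under ten minutes against a baseline of two, and the assumed admin console from an IP she has never used), while bob's single sign-in from his usual address stays silent. In a real deployment the baseline would be built from weeks of data and keyed on ASN or device rather than raw IP.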

Compromised Cloud Tenant Account

This attack simulates unauthorized access to a cloud tenant account, such as an administrative account in AWS, Azure, or Google Cloud. The objective is to assess the impact of a breach in the cloud environment, including data exfiltration, misconfiguration exploitation, or lateral movement across integrated services.

Compromised Endpoint

An endpoint device (such as a laptop or desktop) is assumed to be compromised. We test the organisation’s ability to detect and respond to activities like data exfiltration, lateral movement, or privilege escalation originating from the compromised device.


What Happens During A Red Team Exercise?

Reconnaissance

Discover targets accessible on the network perimeter, and identify phishing targets and topics of interest to the organisation.

Initial Access

Attack network services, devices and applications exposed on the network perimeter.

For example, phishing targeted personnel into authenticating on a spoofed logon form, or into downloading and executing a payload on their endpoint device.

Establishing Persistence

  • Callback of a C2 agent on a client endpoint to the red team's infrastructure.
  • Establish persistence in the client environment, either through a mechanism that re-establishes the C2 callback after a reboot or by holding valid credentials.

Privilege Escalation And Lateral Movement

  • Elevate the privileges obtained at initial access, or obtain credentials to impersonate users with higher privileges.
  • Shift operations to other hosts, networks, platforms or environments to conduct further exploitation.

Exfiltration / Impact

Achieve the objectives set out in the exercise. This may involve exfiltration of data or an impactful action (e.g. encryption of data, termination of a service), which is carried out only after discussion with, and approval from, the client.
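As an added example of what the defenders should be looking for during the persistence phase above (this is not code from the page or the provider): a Python hunt over constructed endpoint telemetry shaped like Sysmon Event ID 13 (registry value set), Windows Security 4698 (scheduled task created) and System 7045 (service installed). It flags autostart entries that launch from user-writable paths, loader-style command lines (hidden or base64-encoded PowerShell, script-host and DLL-loading LOLBins), and a Winlogon Userinit value that differs from its default. The simplified field names, host name and every sample event are constructed for the example.

```python
"""
Added example (not the provider's code): hunting for the persistence phase in
endpoint telemetry.

Inputs are constructed events with simplified field names modelled on Sysmon
Event ID 13 (registry value set), Windows Security 4698 (scheduled task
created) and System 7045 (service installed). A registry write only matters
if it lands in a location Windows consults at boot or logon; from there the
command line that will run carries the signal.
"""
import re

# Registry locations consulted at boot/logon (classic persistence targets).
AUTOSTART_KEY = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce)\\|\\Winlogon\\(Userinit|Shell)$|"
    r"\\Image File Execution Options\\[^\\]+\\Debugger$",
    re.IGNORECASE,
)
# Paths a standard user can write to: a payload here survives reboot without
# the attacker ever holding admin rights.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\|%(APPDATA|LOCALAPPDATA|TEMP)%",
    re.IGNORECASE,
)
# Command lines with the hallmarks of a loader stub: hidden window, encoded
# PowerShell, script hosts, DLL loading via rundll32/regsvr32 from a URL.
LOADER_CMD = re.compile(
    r"-enc\w*\s+[A-Za-z0-9+/=]{16,}|-w(?:indowstyle)?\s+hidden|\bmshta\b|javascript:|"
    r"rundll32\S*\s+\S+\.dll,|regsvr32\S*\s.*?/i:http",
    re.IGNORECASE,
)
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
PERSISTENCE_EVENTS = {("Sysmon", 13), ("Security", 4698), ("Security", 4697), ("System", 7045)}

# Constructed telemetry: `target` is the registry value, task name or service
# name; `details` is what will execute.
SAMPLE_EVENTS = [
    {"source": "Sysmon", "event_id": 13, "host": "WS-042",  # legitimate OneDrive autostart
     "target": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    {"source": "Sysmon", "event_id": 13, "host": "WS-042",  # Run key into roaming profile
     "target": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\alice\AppData\Roaming\Updater\svc.exe"},
    {"source": "Sysmon", "event_id": 13, "host": "WS-042",  # Userinit gained a second exe
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "details": r"C:\Windows\system32\userinit.exe,C:\ProgramData\wsus\wsus.exe"},
    {"source": "Security", "event_id": 4698, "host": "WS-042",  # hidden encoded PowerShell task
     "target": r"\Microsoft\Windows\Maintenance\SysCheck",
     "details": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -w hidden "
                r"-enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"source": "System", "event_id": 7045, "host": "WS-042",  # vendor driver, benign
     "target": "iaStorV",
     "details": r"C:\Windows\System32\drivers\iaStorV.sys"},
]


def classify(evt):
    """Return the reasons an event looks like attacker persistence (empty list = benign)."""
    kind = (evt["source"], evt["event_id"])
    if kind not in PERSISTENCE_EVENTS:
        return []
    if kind == ("Sysmon", 13) and not AUTOSTART_KEY.search(evt["target"]):
        return []  # registry write outside any autostart location
    cmd = evt["details"]
    reasons = []
    if USER_WRITABLE.search(cmd):
        reasons.append("launches from a user-writable path")
    if LOADER_CMD.search(cmd):
        reasons.append("loader-style command line (hidden/encoded/LOLBin)")
    if evt["target"].lower().endswith(r"\winlogon\userinit") \
            and cmd.lower().rstrip(",") != DEFAULT_USERINIT:
        reasons.append("Winlogon Userinit altered from its default")
    return reasons


def hunt(events):
    """Run classify() over a batch of events and keep only the suspicious ones."""
    findings = []
    for evt in events:
        reasons = classify(evt)
        if reasons:
            findings.append({"host": evt["host"], "event_id": evt["event_id"],
                             "target": evt["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f'{f["host"]} event {f["event_id"]} {f["target"]}: ' + "; ".join(f["reasons"]))
```

The two benign events (OneDrive in Program Files, a driver in System32) produce nothing, which is the point: raw volume on Run keys, task creation and service installs is high, so the rule keys on where the payload lives and how it is invoked rather than on the event type alone. The same three signals map directly onto the persistence techniques a red team will try first, which makes them a cheap first check on whether the blue team saw the C2 re-establish after reboot.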

Interesting Work We've Done

ATM Red Team

