
Red Teaming Operations

In Red Teaming, Securify uses all means necessary (software vulnerabilities, social engineering and more) in a coordinated attack oriented towards your organization's systems and infrastructure. We employ the tools that bad guys might leverage to compromise your digital assets!

Digital. Social. Physical.

Red Teaming is an adversarial attack simulation. Our experienced multidisciplinary team (Securify RED) will perform (digital) attacks on people, software, hardware, and facilities. By executing realistic attack scenarios, Securify RED will test your organization’s detection and response capabilities (the Blue Team). Any weaknesses identified during the engagement are shared with you so that you can harden your defenses and perimeter, which makes your organization more resilient to attacks.


Red Teaming vs Penetration Testing

Red Teaming is similar to Penetration Testing, but there are several significant differences. Notable examples are:

  • Scope: Penetration tests have a limited scope while Red Team engagements generally have a full scope.
  • Goal: The goal of a Penetration test is to identify as many vulnerabilities as possible. A Red Team tries to find the vulnerabilities that get them in, so finding all of them isn't necessary.
  • Duration: Red Team engagements are longer in duration than Penetration tests. The attack scenarios executed during a Red Team engagement take longer to prepare and execute.

All means necessary to gain access

Securify RED will meticulously assess the environment it will attack in order to plot attack scenarios that are likely to gain the team access, while trying not to be noticed, of course. Such scenarios are limited only by a hacker's imagination, and when it comes to getting in, he will use all of his resourcefulness to that end!

Some examples of how we can get a foothold into your organization:

  • Social engineering attempts.
  • Using vulnerabilities in software and hardware to circumvent authorization or escalate privileges.
  • Employing fingerprinting tools to find entry points into networks and systems.
  • Red Teaming tools.
  • And more...

Test and improve your organisation's detection and response capabilities.

After the engagement we’ll discuss which targets were achieved, what was seen by your Blue Team and what was missed.

A typical Red Team engagement

  • 1

    Intake

    A Red Team engagement always starts with an intake. Together we define a set of targets (crown jewels) or attack scenarios. Boundaries are defined: what the Red Team is allowed to do and what it isn’t. We’ll discuss our approach: do you want us to be as stealthy as possible, or should we deliberately try to trigger detection rules to train the Blue Team/incident response?

  • 2

    Information gathering

    Based on the input from the intake, we’ll start gathering information about your organization. This can include searching open sources on social media, probing the external attack surface, investigating how the physical perimeters have been secured and, lastly, determining how information may be crafted in such a way that specific attack scenarios are applicable to your organization.

  • 3

    Attack simulation

    After the information gathering we’ll execute the attack scenarios. Possible attack scenarios are Social Engineering, phishing, malware infection, Wi-Fi attacks, USB drops and many more.
    The attacks can be performed fully black box or, depending on your needs, we can simulate a particular scenario. A common scenario is one where we simulate an attacker that has already gained access to your internal network. In this case you provide us with access (e.g. company laptop, access cards) and we’ll try to attack your network from the inside. The duration of this phase differs per engagement; it varies from 4-5 weeks to a couple of months. Some attacks have to be executed over a prolonged time period in order to stay under the radar and avoid detection.

  • 4

    Evaluation

    After the engagement is finished, we’ll sit down with the Blue Team and compare our timelines. We’ll discuss which targets were achieved, what was seen by the Blue Team and what was missed. Together we can identify the weak spots of your organization and try to find measures (e.g. monitoring, incident response) that can be improved.

  • 5

    Training

    After the evaluation, additional measures will often be implemented. We can help with strengthening these measures by replaying some of the attacks executed during the Red Team action. This way you’ll get a feeling for how effective these measures are. Naturally, we’ll try variations of these attacks to see if these are detected or stopped.

Securify RED for your organization's Red Teaming engagement?

Are you interested in finding out how Securify's Red Teaming service may help your organization increase its line of defence against bad guys?

During an intake (free of charge) we can discuss the way Red Teaming will best fit your requirements, goals and budget.



