Red Teaming Testing & Assessment

A penetration test is a focused form of cyber security assessment designed to identify as many vulnerabilities as possible over a short period of time, often just a few days. Pen tests are usually performed to assess specific areas such as networks and web applications. A red team operation is an extended form of engagement conducted over a period of weeks and designed to achieve a set objective such as data exfiltration. These operations follow a black-box methodology to ensure they accurately reflect the approach of genuine attackers.

Once everything has been agreed, our typical lead time is 10 working days.

Hackers and cyber criminals target organisations of all types and sizes, so it’s vital that you conduct these exercises from time to time. Red teaming is the only way to test every layer of your security defences, including technologies, processes and people.

For maximum effectiveness, the fewer people who are aware that a test is taking place, the better. Typically, the test will be authorised by someone at C-Level or Director level within your organisation.

Unlike genuine cyber-attacks, red team operations are designed to be non-destructive and non-disruptive. By choosing a CREST-accredited provider of ethical hacking services, you can be sure that all engagements will be carried out in line with pre-agreed rules of engagement and to the highest standards.

Red teams are attack-minded, simulating how a possible hacker would attack cybersecurity defences. Blue Teams are more defence minded. They architect and maintain the protective internal cyber security infrastructure. A purple team is designed to enhance the information sharing between—and the ultimate effectiveness of—an organisation's Red and Blue teams.

Red team testing is a highly bespoke assessment and its duration may vary considerably depending on the size of the company and the attack surface they have exposed. A&O IT Group can help your company to arrive at a realistic timeline that will yield the best results and have maximum coverage.

A red team cyber security assessment will employ a variety of techniques, starting with external reconnaissance. This phase includes the enumeration of all IPs and domain names belonging to the target organisation. Search engines and social media websites will be trawled for publicly accessible information. Once an attack surface has been identified, assessors will search for vulnerabilities in the infrastructure where public and, if applicable, bespoke Day One exploits will be used. Red Team members will attempt to gain an initial foothold. Vulnerable external web applications are exploited, social engineering is conducted, and varying payload delivery methods occur. If within the scope of the Red Team engagement, a physical breach of premises is conducted to gain an enhanced physical foothold which provides other opportunities for cyber-attack. Once a foothold is gained, lateral movement and privilege escalation techniques are employed. After the assessment is concluded, a detailed report with all supporting data demonstrating the attack with recommendations is supplied to you.

Red Teaming is advised for companies who have a mature cyber security strategy, and want to thoroughly test their defensive capabilities against scenarios that mimic how real-life attacks would occur.