Obtain valuable insight into your strengths and exploitable weaknesses.
Red Teaming exercises simulate an actual, relevant threat to your organization. These exercises focus on objectives and stealth-oriented attacks, allowing for an open-ended approach tailored to your organization. A Red Team engagement may test against not just the technical, but also the human and physical elements of your organization’s cybersecurity.
Your network is only as secure as its most easily accessible machine or its weakest physical access control. Engaging in a Red Team exercise helps you understand your strengths and vulnerabilities, and how to stop your adversaries.
No two Red Team exercises are alike, but we do approach them all in a similar, reliable manner to minimize risk and maximize benefit. Our Red Team exercise is broken into the following phases:
We work with you to determine your goals, objectives and scope of the Red Team. What we determine, together, in this phase will influence the rest of the engagement. Based on our collaboration, we research which known threat actor is most likely to target your organization, and build the engagement to emulate their Tactics, Techniques and Procedures (TTPs).
Because these exercises are performed without prior information (“black box” testing), we gather as much in-scope information as possible on your network, physical and human footprints. This allows us to create an attack plan that emulates the chosen threat actor's attack path. This reconnaissance is accomplished through both passive and active information gathering techniques.
Our team covertly attempts to gain access to your systems using the information gathered during the reconnaissance phase. We first perform a vulnerability analysis in which your attack surface is mapped to relevant TTPs from MITRE’s ATT&CK framework. Based on this analysis, we carry out several TTPs appropriate to your organization’s attack surface.
Our team uses various C2 platforms (both commercially available and developed in-house) to covertly maintain access to your network and systems. We malform our shellcode enough to defeat most anti-virus solutions and use this access to capture credentials, move laterally, escalate privileges and reach sensitive data. The techniques used here are again limited only by your organization’s attack surface, and our team is experienced with scenarios in this phase including sensitive data exfiltration, ransomware proof-of-concept (POC) testing and internal social engineering attacks.
We create an After-Action Debrief that analyzes every phase of execution leading up to the accomplishment of each completed objective. Our goal is to ensure your team understands why something was vulnerable or abused, and how they can fix it. Together, we’ll review our detailed findings, severities and recommendations for fixes. A formalized report will be provided and our team will maintain a regular meeting cadence to review in-progress items and discuss upcoming objectives.