Red Team Pentesting

Pentesting for Maturely Secured Defenses

what-is-a-red-team-mitnick-security

How Can a Red Team Operation Help Cybersecurity?

Organizations who’ve run their share of penetration tests and hardened their security may be looking for a way to up the ante... to put their improved defenses to the test. In step the Red Team engagement.

Named after Red Team military simulations and war games, Red Team cybersecurity operations are more advanced pentests, wherein a seniored team of ethical hackers (The Red Team) attacks the security controls of a target acting in defense (The Blue Team)— gloves off.

While the goal of a traditional pentest is to find as many security gaps as possible, exploit them and access each vulnerability’s risk level, Red Teamers’ goal is to find just one way in and uncover the coveted data they can get their hands on.

what-is-a-red-team-mitnick-security

Is my company a good fit for a Red Team engagement?

The Red Team methodology is a good fit for companies with a mature security posture— who are confident in the defenses they’ve built and want to put their hard work to the test. 

Companies who have only ever conducted a vulnerability assessment are best conducting a few focused penetration tests and hardening their security before considering a Red Team exercise.

How Red Team Operations Work

Step 1: Kick-Off & Rules of Engagement

Each red team engagement begins with a kick-off call where we’ll discuss the data you’d consider your company’s “crown jewels,” or the most sensitive info our pentesters will try to exfiltrate. 

The kick-off call is also where we’ll talk about the rules of the engagement and how we’ll ensure there are no / minimal disruptions to your network during our attack. This may mean explicitly avoiding attacks that may cause disruption, such as DDOS (Distributed Denial of Service) attacks, or defining what disruption means to you.

Step 2: Red Team Deployment

With a designated start date agreed upon, we’ll begin our test. 

Our skilled Red Team will divide into mini attack teams, each targeting a different area of your business— from one team for internal networks to another for wireless vulnerabilities, etc. It’s this holistic, no holds barred approach that allows us to work in synchronicity, attacking all angles of your security infrastructure.

How long will the Red Team pentest last?

You may be used to traditional penetration tests lasting about a week. A Red Teaming goes much more in depth, with the typical Red Team project extending from three weeks to a month— sometimes even longer depending on the company size and their systems’ complexity.

During the Attack

Our team will be available 24/7 on a dedicated channel, created just for your team. This important line of communication can be used to confirm that detected actions are not the work of a real threat actor, so you can react accordingly.

Although you won’t be made aware when we breach your security and gain access to the target data (similarly to a real attack), we notify you immediately if we find any critical vulnerabilities, and again when the test is wrapping up. 

We also note any changes we’ve made to the environment (such as account creation or modification) and inform your primary point-of-contact at the end of the testing phase, so they can be promptly removed.

Reviewing Your Red Team Pentest Results

After our Red Team engagement, we’ll compile a robust report of our findings— what we’re proud to call the industry’s gold standard of pentest reports for our detailed walkthrough of the attack.

This comprehensive, easy-to-explain document will break down exactly what our team did, what we discovered and what we gained access to. 

Most importantly, we’ll provide you with mitigation strategies, straight from our seniored pentesters.

Complete the form on this page to get started.