Now that you’ve got a few concentrated penetration tests under your belt, you’re ready to put your newly enhanced security to the test. And boy, are we up for the challenge.
But we know choosing a Red Team pentester isn’t a decision you take lightly. It’s a costly investment, and you want to make sure your time and security budget are well spent.
At Mitnick Security, we take a different approach to Red Team pentesting, and it’s the reason top global brands trust us with the job. Here’s what you get every time you Red Team with us:
1. Our world-renowned Global Ghost Team.
When you hire Kevin Mitnick for a Red Team engagement, you aren’t exclusively working with the world’s once-most-wanted hacker. You’re also tapping into some of the best senior security specialists and researchers in the biz: all forming The Global Ghost Team.
It’s a hard reality that some Red Teams hire novice pentesters to work under one master lead. Every member of our Red Team, however, has a minimum of 10 years of experience conducting deep penetration tests and is known within the cybersecurity community for advanced manual techniques to find otherwise indistinguishable vulnerabilities.
2. A thorough kick-off, where we’ll define the rules of engagement.
Some Red Team pentesters come in hot, having a quick call about your security infrastructure before diving in— guns blazing. At Mitnick Security, we emphasize the importance of explorative introductory conversations. Without wasting time, we lead your team through scope discussions, ensuring we understand your goals, setting the bull’s eye on our target(s) and clearly defining the rules of engagement.
These detailed kick-off terms ensure that our goals are in alignment with yours and that everyone involved has a baseline for what may come. In a Red Team engagement where the test lasts anywhere from 3-6 weeks, it’s pertinent to understand which disruptive behaviors are fair game and which aren’t.
Even after the initial terms are settled, our Global Ghost Team spends a heavy portion of the assessment in the pre-attack phase, performing extensive open-source intelligence research before making any moves. While you might think this is an assumed part of the Red Teaming methodology, every pentester takes a different approach and some spend less time strategizing than your company’s paid for.
3. An individualized, yet united, “no holds barred” approach.
A key difference between a traditional penetration test and a Red Team engagement is that as Red Teamers, we usually have complete freedom over the methods and pathways we use to breach systems. That means we try any way feasible to find an entry point, leveraging a long list of attack vectors.
Our Global Ghost Team in particular takes a unique approach by dividing into “mini” attack teams. Three pentesters may focus on internal networks. Another team may look for wireless vulnerabilities. Afterward, we come together and agree on a collective plan before simultaneously executing our attack. Once one Red Team is in, we regroup and move laterally throughout your system as one unit.
4. Communication during the attack.
Some pentesters like their autonomy during the attack phase and “go dark” after the start of the engagement. This can sometimes concern the target company, who may go weeks without hearing a peep from the Red Teamers.
At Mitnick Security, we know those involved in the pentest want to stay in the know. That’s why our team is available 24/7 on a dedicated channel, created just for your team. We’re there for you to ask questions and confirm that suspicious activity is our team and not the work of a real threat actor.
Although, similar to a real attack, we won’t tell you when we’ve made the breach, we do notify you immediately if we find any critical vulnerabilities and connect again when the test is wrapping up.
5. A robust pentesting report.
Another differentiator between Mitnick Security’s Red Team engagement and those of other pentesters is our detailed reporting.
Our pentesting reports paint the whole narrative of our strategies for entry and our attack attempts and successes— all broken down in an easy-to-understand, step-by-step story. Not only will you see exactly how we got in and what security weaknesses were our golden keys, but we’ll also rank all the vulnerabilities we found by criticality, with specific recommendations for remediation.
See Our Work
Us explaining how our Red Teaming process works is great and all, but we know you want to hear what real clients have to say about our Global Ghost Team too.
Check out this World Surf League Case Study to see what we dug up and how the surf-related news site applied its findings to make important security improvements.
Want to discuss a Red Team engagement? Explore our Red Team service page.