Put Your Security Team to the Test

Red Team: A group of cybersecurity experts that detects vulnerabilities in your systems and networks while mimicking the attacks of an intruder.

Similar to military simulations and war games, red team engagements are exercises in which our team of ethical hackers (red team) attacks your layered security controls while your security team (blue team) defends it.

Not only does a red team engagement put your system to the test, this simulated cyberattack prepares your team against a real attack, without putting you at risk.

How Red Team Operations Harden Your Security

Mitnick Security’s dedicated team of ethical hackers and engineers, the Global Ghost Team™, works to exploit vulnerabilities and gain access to your internal environment. We do this through a series of tactics, techniques and procedures that we have developed over the last thirty years.

Once they have access to the inner workings of your system, the Global Ghost Team works to gain administrative privileges and compromise internal accounts. Many clients also identify specific targets for the engagement, such as email exfiltration and sensitive data. Our team pursues these by any means not potentially harmful to the environment or explicitly stated as off-limits.

How Do Red Team Engagements Compare to Penetration Testing?

Unlike a penetration test, where the aim is to find as many security gaps as possible, a red team operation requires only one way into the client's digital environment, just as a real threat actor would need, such as a phish or a vulnerable web application.

Red team engagements are highly recommended for mature security environments of companies already regularly engaged in penetration testing and strategically strengthening defenses over time.

Engage Mitnick Security Consulting’s Red Team Testing to:

  • Test the current infrastructure for any gaps that attackers may exploit
  • Improve training for your security team
  • Increase end-user information security awareness (if social engineering is in scope)
  • Evaluate the effectiveness of your IT security defenses and controls
  • Gain insights into those vulnerabilities in order to harden your security

To get started with Red Team Operations, use the form below to contact us. 

The Mitnick Security Advantage

Our Best Tools are Developed by Our Experts

Mitnick Security uses a combination of internally developed tools in addition to open source and commercial tools. The TTPs we employ have been developed over the last thirty years.

Sophisticated Testing

Our unique collection of attack scenarios goes far beyond the capabilities of scanning software to help improve your readiness against real, sophisticated adversaries.

Global Ghost Team

The people on your team make all the difference in your results. Our Global Ghost Team is comprised of the finest security engineers in the world. As an elite brand of thought leaders, we’re proud to continually attract the industry’s best senior security specialists and researchers.

Manual Techniques of Creative Masterminds

Our creative masterminds, the world’s leading “white hat hackers,” are known for their advanced manual techniques that allow them to discover all related vulnerabilities. Our team uses “lateral thinking” to discover chains of vulnerabilities, ensuring we identify and exploit vulnerabilities that an automated scan simply cannot find.

Ears to the Ground

Our engineers have their ears to the ground, constantly researching how newly discovered vulnerabilities are being exploited by attackers, and how to best mitigate that risk for our clients.

How Red Team Operations Work

Kick-Off

Each red team engagement begins on a kick-off call where your team meets our team. We’ll cover the rules of engagement: what areas of your system are included, the types of attacks that won’t be deployed (such as DDoS attacks), and the operating hours during which we are allowed to perform the engagement.

The kick-off call is also when we share plans for clear and open communication to ensure there are no or minimal disruptions to your network. That may also include choosing to avoid attacks that may cause disruption, such as DDoS (Distributed Denial of Service) attacks.

Red Team Deploys

Our team will be available 24/7 on a channel dedicated to your team, with frequent updates and communication as needed. This important line of communication is frequently used by client security teams to confirm that detected actions are not the work of a real threat actor, so they can react accordingly.

Although you won’t be made aware when we breach your security and gain access to the target data (similar to a real attack), we notify you immediately if we find any critical vulnerabilities, and again when the test is wrapping up. We also note any changes we’ve made to the environment (such as account creation or modification) and inform your primary point-of-contact at the end of the testing phase, so they can be promptly removed.

The Rules of Engagement

Before the engagement begins, we’ll discuss the valuable data you consider to be the company’s “crown jewels”. Typically, this includes emails, HR payroll data, and compromising, sensitive and/or proprietary data. If no specific targets are specified, the team will compromise internal accounts with the ultimate goal of gaining administrative access to the environment.

Clients are also asked to not inform their employees of the scheduled engagement, to ensure we do not raise any suspicion and to ensure they behave as they would normally.

Your Peer-Reviewed Red Team Engagement Results

Once the engagement ends, reporting begins, for a period of time we’ve both agreed upon in advance. Our post-engagement reports are an industry gold standard.

This comprehensive, easy-to-explain document will detail exactly what our team did, what they discovered and what they gained access to. But most importantly, we provide each client with the most suitable mitigation strategies for any vulnerabilities we find.

Each report includes a snapshot of your security environment and a list of immediate action items, for big picture discussions with company stakeholders and fast decisions to improve security. Technical administrators can begin fixing problem areas fast, using technical descriptions of the engagement’s activities, methodology, technical findings and technical recommendations, all categorized and structured for immediate action.

Each discovered vulnerability reported includes:

  • A text description of the vulnerability
  • Impact of the issue
  • Steps taken to identify or exploit the issue, with screenshots as appropriate
  • Business or technical risk inherent in the vulnerability
  • Vulnerability classification (Critical, High, Medium, or Low) that describes the risk level as a function of vulnerability impact and ease of exploitation.
  • Technical description of how to resolve the issue

Once you’ve received our report, you have 10 days to review the report before a post-engagement call is scheduled. In that final meeting, both teams are able to discuss the engagement in detail and review the findings while giving you an opportunity to ask questions.

Complete the form on this page to get started.