(Physical) Red Teaming

Red Teaming is the simulation of real-world attacks: virtually via the network or physically on-site. Common methods include exploiting technical vulnerabilities, organizational weaknesses, phishing emails, and other social engineering techniques. We also offer standalone phishing campaigns.

Why Red Teaming

s

Our top reasons for Red Teaming:

  • To find out if and how attackers can infiltrate your company (unnoticed) and move laterally
  • Uncovering technical and organizational vulnerabilities, such as gaps in processes
  • Determining whether attacks are detected and if defense mechanisms are effective
  • Insight into the attacker mindset: How do attackers perceive your company, and where are they likely to strike first? This allows you to specifically reinforce these areas.
  • Simulating a ransomware actor: Is it possible to exfiltrate your data, encrypt systems, and disable backup infrastructure to subsequently issue ransom demands?

 

When to use Red Teaming

In our view, the best times are:

  • The best time was yesterday, the next best is today—the goal is to ensure realism, so we don’t wait for a “perfect state” four years from now.
  • Ideally, you have already implemented attack detection mechanisms, such as a SIEM, that we can test against.

 

Results

i

Typical results of Red Teaming include:

  • (Chains of) vulnerabilities in technical components and organizational processes that could be exploited in attacks against your company
  • Insights into how effectively you detect virtual/physical attacks
  • Insights into how effective your measures are at locking out (virtual) intruders
  • Answers to specific questions, such as whether attackers can take over your backup servers

 

What we need from you

For Red Teaming, we need from you:

  • Authorization from a responsible authority
  • Contact details and availability for a small circle of insiders
  • If you want to save on project costs: certain information, such as domain names, IP address ranges, and email address lists
  • Together, within the framework of the Rules of Engagement (RoE), we define the ground rules and objectives, such as:
    • Permitted attack surface and methods
    • For Physical Red Teaming: Addresses of the target buildings
    • Attack scenarios: You can choose between standard scenarios, such as simulating ransomware actors, and individually tailored scenarios

 

Project in Planning?

Whether it’s a pentest, red teaming, or a custom request –
we look forward to speaking with you!

Contact
Configurator