What is tested
- Threat response, detection, and investigation processes
- Social engineering training processes and prevention capabilities
- Internal monitoring and detection capabilities
- Potential compromise paths
- Endpoint protection systems, policies, and configurations
- Wireless configurations and employee training on dealing with wireless attacks
- A comprehensive framework for customer-tailored red team engagements
- A lot of time spent on internal research
- An established private tooling development process
- Additional attention paid to social engineering, OSINT, or on-site activities that are usually left out-of-scope for compliance penetration tests
- A demonstrated ability to simulate a known APT group
Red Teaming Engagement
The white paper explores the methodology, testing process, planning, preparation, and expected deliverables.
The Attack Lifecycle
The team conducts external reconnaissance of the target organisation and its public-facing infrastructure.
The offensive operations team conducts a variety of attacks ranging from social engineering to exploitation. The ultimate goal of this step is to obtain initial access to the organisation.
Persistence, escalation, and lateral movement
The team explores opportunities for expanding access and ensuring persistence.
Achieving the objective
The privileges and access obtained are leveraged to achieve the goal of the test, such as exfiltration or critical infrastructure access.
Debriefing and purple teaming
After the report is written, the team conducts the debriefing and provides recommendations. If any allocated time is left, the team works with the blue team to develop new detections and mitigation strategies.