Red Team—a simulated cyber attack on your organisation

Our Red Team services use advanced techniques to test your organisation’s security measures, including social engineering, physical security testing, and network penetration testing.

Discuss your requirements

What is tested

  • Threat response, detection, and investigation processes
  • Social engineering training processes and prevention capabilities
  • Internal monitoring and detection capabilities
  • Potential compromise paths
  • Endpoint protection systems, policies, and configurations
  • Wireless configurations and employee training on dealing with wireless attacks

Our offer

  • A comprehensive framework for customer-tailored red team engagements
  • A lot of time spent on internal research
  • An established private tooling development process
  • Additional attention paid to social engineering, OSINT, or on-site activities that are usually left out-of-scope for compliance penetration tests
  • A demonstrated ability to simulate a known APT group

How we do it

Attack surface mapping

When conducting a black-box adversary simulation, the offensive operations team creates and updates a map of external assets and information related to the scope of work. They use open-source intelligence (OSINT) and active reconnaissance techniques alongside traditional penetration testing methods. The collected information includes publicly available data about the targets, external infrastructure details, and security applications in use. This comprehensive set of target objects with enriched information is continuously maintained.

Tactics, Techniques, and Procedures (TTPs):

Tactic: Credential Theft

  • Technique: Phishing emails with malicious links or attachments to harvest credentials.
  • Procedure: Use spear-phishing campaigns targeting specific individuals within the organization, followed by credential harvesting tools and techniques.

Tactic: Lateral Movement

  • Technique: Exploit known vulnerabilities in unpatched systems to gain access to other parts of the network.
  • Procedure: Utilize tools like Mimikatz or BloodHound to exploit vulnerabilities, escalate privileges, and move laterally across the network undetected.

Tactic: Data Exfiltration

  • Technique: Encrypt sensitive data and exfiltrate it using covert channels.
  • Procedure: Employ custom malware or tools like FTP, HTTP, or DNS tunneling to bypass detection mechanisms and transfer data to external servers.

Tactic: Command and Control (C2)

  • Technique: Establish communication channels with compromised systems to control and manage malicious activities.
  • Procedure: Set up resilient and covert C2 infrastructure, such as domain generation algorithms (DGA), to maintain persistent access and evade detection.

Tactic: Evasion and Obfuscation

  • Technique: Modify malware or attack vectors to evade antivirus solutions and detection mechanisms.
  • Procedure: Use packers, obfuscation techniques, and polymorphic malware to alter file signatures, behaviors, and indicators of compromise (IoCs), making detection and analysis challenging.


The white paper document explores the methodology, testing process, planning, preparation, and expected deliverables.



Tenendo constantly upgrades its internal toolkit to stay on top of the latest tactics, techniques and procedures.


Tenendo’s internal processes cover research for new initial access, lateral movement, escalation or persistence methods.


The team supports a knowledge base for techniques used in previous engagements to ensure consistent success.


Experience in offensive-specific development allows the offensive security team to emulate an arbitrary known attacker.

The Attack Lifecycle


The team conducts external reconnaissance of the target organisation and its public-facing infrastructure

Initial compromise

The offensive operations team conducts a variety of attacks ranging from social engineering to exploitation. The ultimate goal of the step is to obtain initial access to the organisation.

Persistence, escalation, and lateral movement

The team explores opportunities for expanding access and ensuring persistence.

Achieving the objective

The privileges and access obtained are leveraged to achieve the goal of the test, like exfiltration or critical infrastructure access.

Debriefing and purple teaming

After the report is written, the team conducts the debriefing and provides recommendations. If any allocated time is left, the team works with the blue team to develop new detections and mitigation strategies.

Related Tenendo Services:

Security Awareness Training

Elevate your organization’s cyber resilience with our Security Awareness Training featuring real-world phishing simulations. Equip your team with the knowledge to identify and thwart phishing attacks, fostering a vigilant workforce that plays a key role in safeguarding against evolving cyber threats.

Red Team Engagement

Heighten your security resilience with our Red Teaming Exercise, incorporating advanced phishing simulations. Uncover vulnerabilities and fortify your organization against cyber threats through realistic and targeted scenarios.


Through cleverly crafted messages or websites, phishing grants attackers initial access to confidential data by exploiting human trust.

Your Cyber Resiliency is Our Passion

get a quote