Adversary simulation (“Red Teaming”) assessments are scenario-based penetration tests that focus on achieving specific goals within the infrastructure, rather than discovering all potential vulnerabilities.

During the test, a complete attack path is developed, either from external networks or from initial employee-level access with no prior knowledge of the infrastructure, to the protected internal segments and hosts of the network. The goal of the assessment may vary from compromising target hosts and services to sensitive data exfiltration.


Goals and Objectives

  • Test threat response, detection, and investigation processes
  • Test social engineering training processes and prevention capabilities
  • Test internal monitoring and detection capabilities
  • Discover potential compromise paths
  • Test endpoint protection systems, policies, and configurations
  • Test wireless configurations and employee training on dealing with wireless attacks

Red Teaming in action

After gaining initial access by exploiting external services, applications, or by using social engineering attacks, internal services, applications, servers, and personal machines are tested for any vulnerabilities that may allow lateral movement to other hosts and segments in the network.

Segmentation flaws are also taken into account at this stage, as they may allow the attacker to gain access to restricted regions of the infrastructure.

The penetration tester may also exploit vulnerabilities in employee-owned machines, install keyloggers and screen grabbers, and use passwords saved by the machine’s users to obtain credentials for internal services and applications.

Attack surface mapping

  • For large organizations, attack surface mapping may be conducted separately or as a part of a larger red team engagement. The results of the activity provide a detailed breakdown of the external/internal attack surface of the organization and the discovery methods used.
  • The report could be delivered separately and used during the audit to highlight any discrepancies between internal documentation and the exposed assets.

Focused Red Teaming

  • Tenendo conducts focused external and internal attack simulations aimed at a specific objective set beforehand, which depends on the nature of the business of the Customer.
  • The testing is conducted following the Tenendo Red Teaming Methodology, provided separately, and aims to comply with industry standards around red teaming.
  • Tenendo chooses attack scenarios based on experience and industry trends, but can simulate a particular scenario if required to evaluate a particular aspect of the target organisation’s security processes.
  • If necessary during the due diligence process, Tenendo can focus the engagement on a particular attack step (e.g. obtaining initial access).
  • To cover more attack surface and optimise engagement cost, Tenendo can break down the attack into several steps and conduct them separately and in parallel (e.g. obtaining initial access, internal on-premise post-exploitation, cloud post-exploitation, etc.).
  • The deliverable of a focused red teaming engagement is a detailed report covering the following:
    • A high-level executive summary
    • The attack scenarios developed
    • The tools and techniques developed specifically for the engagement
    • The timeline of the activities, which helps correlate telemetry
    • The results of the testing and the separate vulnerabilities discovered
    • Both high-level and detailed technical recommendations

Assumptions for Focused Red Teaming

  • Cybersecurity maturity: The organisation has established detection, monitoring, and cybersecurity governance processes that need to be tested.
  • Penetration testing and hardening: The organisation has a demonstrable track record of conducting vulnerability assessments and penetration tests, and red teaming would be more helpful for due diligence than a regular VAPT.
  • Project setup: The organisation is familiar and comfortable with the concept of red teaming and is able to set up external or internal attack simulations without compromising the integrity of the engagement.
  • Infrastructure complexity: The target organisation has a complex and vast digital infrastructure that warrants an attack simulation and exposes a significant external/internal attack surface.

Red Team Engagement

The white paper explores the methodology, testing process, planning, preparation, and expected deliverables.