Red Team Assessment
From phishing to network exploitation, understand and improve your cyber defense with scenario-based, multi-layered attack simulations to reduce risks of hacking
Understand where your business can be disrupted by thinking like a hacker
Keeping your business safe is getting harder. Red Teaming is a scenario-based approach in which our operatives will try to obtain pre-defined crown jewels, using adversarial Tools, Tactics and Procedures to assess how your organization (blue team) hold up against different attack scenarios, and present a realistic view of your security defense.
Performed by Outpost24's Ghost Labs, our team consists of highly skilled ethical hackers covering a wide range of advanced testing services from social engineering to network exploitation to help companies keep up with evolving threats targeting their businesses.
Why red team assessment?
There are many reasons for performing a Red team assessment, the bottomline however is that Red Teaming is never a replacement for other security solutions. Red Teaming rather, is a tool to measure your assumptions:
- Awareness
Not necessarily a full assessment including all aspects of Red Teaming, but focusing on certain areas with the goals of measuring and increasing awareness. Main drivers: Security awareness, opportunity for IT (security) team - What-if or How far will you get?
You know your organization is lacking security in certain areas, but you want to confirm this with a realistic attack scenario. Main drivers: Showcase need of security or a step above a limited pen test scope - Increasing resilience
You have invested a lot in security and now want to put all your efforts to the test. How secure are we, really? Main drivers: Measure and increase security measures/Blue team
Red teaming service features
Open Source Intelligence Gathering
The target can be an individual, a group of staff, a physical location or a technical asset. Our OSINT specialist will gather data relates to the defined target and provide a risk analysis of the digital footprint
Social Engineering - Phishing
We craft custom phishing emails and associated landing pages, send it out to targeted employees and report back statistics on a group-level
Social Engineering - Media Baiting
Custom printed USB drives or other media will be prepared with weaponized documents/files. In doing so we can assess the awareness of employees awareness on malicious media
Social Engineering - Physical Penetration Test
Combine physical security assessment and social engineering tactics to obtain access to the client’s premises
External Network Exploitation
Assessment of the client’s external (perimeter) systems and controlled exploitation of these systems in order to breach the perimeter and gain access to the (internal) network or sensitive data
Internal Network Exploitation
Assessment of the client’s internal network through exploitation of security misconfigurations, outdated hard- and software, captured credentials from phishing, network sniffing and many other techniques to pivot through the internal network
Follow-up Workshop
Tailored follow-up sessions, range from a (technical) session to discuss the findings, to an in-depth workshop with the blue team through simulation to jointly improve detective/responsive actions
Performed by Ethical Hacking Experts
With a strong root in ethical hacking, all red team assessments are performed by our Ghost Labs - experienced and certified ethical hackers to ensure it meets the compliance standards and requirements
Red teaming package overview
| Services packages | Focus (2 choices) | Explore (3 choices) | Navigate (4 choices) | Evolve (bespoke) |
|---|---|---|---|---|
Open Source Intelligence Gathering |  | | | |
Social Engineering - Phishing | | | | |
Social Engineering - Media baiting | | | | |
Social Engineering - Physical penetration test | - | | | |
External Network Exploitation | - | - | | |
| Internal Network Exploitation | - | - | - | |
Follow-up Workshop/Seminar/Presentations | | | | |
| Awareness Training | Adversarial Simulation | |||
How red teaming works?
Determine crown jewels and definitive scope
Perform initial OSINT and create custom attack scenarios for our clients
Determine execution schedule and set Go/No-Go parameters.
Execution of scenarios per human- physical- and cyber-element
Throughout we will make observation of which we will collect appropriate evidence
Reporting by default will include a management summary and a collection of observations
Each observation will be addressed based on the estimated severity and will include a tailored solution
The overall report will describe how the attack against our clients unfolded from initial reconnaissance to exfiltration
On-site workshop with Blue team to discuss the attack scenario or have an IOC discussion
Help in creating prioritized actions and alignment with existing security roadmaps
"To get your customers trust is a very difficult thing to attain. And once you have it - it is very easy to lose again! We are building secure systems that improve our customers lives and protects their privacy. This is the core of our success"
Private Box
Get More Information about red teaming
Red teaming webinar
Pen Testing Whitepaper
Datasheet
Red teaming news
Your security can't wait. Get in touch now.
With a global presence our technical and sales teams and partners aim to serve our customers with local know-how.
Fill out the contact form and one of our security experts will get back to you within 2 working days.