During our Red Teaming operations a planned (cyber-)attack will be staged on your organization. This allows you to find out how effective your security measures towards detection and reaction are in peacetime. While using the optimal attack simulation we will put all our effort into taxing, training and hardening your defenses (Blue Team).
Prior to an operation a joint discussion will allow us to select the right attack type to be used in the simulation. It could be a malicious or disgruntled internal employee, a foreign actor solely operating off the Internet, or an actor capable of bringing an in-person visit to one of your corporate locations. With our multiple years' of experience we will gladly help you putting together the most effective approach.
While the operation is ongoing our team will vigorously put the detection and reaction capabilities of your organization to the test. However, our target is not to push you in checkmate position directly, and to show you in a flashy presentation how we managed to plant flags on all your targets without being noticed. No, our operation is successful when we have engaged in a challenging game of chess with your organization. After having secured our positions we will leave deliberate tracks by dropping a few stitches here and there. Very subtle, or really loud when necessary. So we can witness the things you detect and how you anticipate to our moves. Exactly this makes Red Teaming an invaluable and informative training for your organization.
The entire operation will be accurately recorded from beginning to end. This recording can be replayed at any moment during the process during the post-operation evaluation for your team. Step by step we analyze every move that took place within the operation/timeline. A detailed report will outline all resulting attention points and to-the-point recommendations.
After finishing the operation many new measures may be taken or existing ones sharpened. In this phase we will help during implementation and testing by replaying specific attacks again to gauge the effectiveness. In addition, oftentimes operations will have a follow-up in the form of various workshops to increase security awareness within the Blue Team or to train internal Red Teaming specialists present.
A strong Red Team primarily relies on experience and diversity within the team. When combined all knowledge needs to be present to deal with all possible technologies and situations in high-intensity environments. And with just the best offensive experts you do not win all battles. An essential part of our team is the fact that the experts in it have operated in both large national and international organizations on the defensive side within Security Operation Centers, fraud departments and software teams.
Yorick Koster - Remco Vermeulen - David Vaartjes - Han Sahin - Kin Hung Cheng - Robert Hartshorn - Pham Duy Phuc
Together we start compiling a list of targets and attack scenarios. Which simulation will be executed and what are the permitted or forbidden actions. In close cooperation we will create a plan. In a detailed manner, we will explain our course of action and the proposed strategy to realize your goals as effectively as possible.
Based on the type of operation we will start gathering information, creating a plan of attack (scenario) and setting up the necessary offensive infrastructure.
During this phase the actual attacks will take place. These will differ greatly and of course highly depend on the operation type. Examples can be various sorts of social engineering attacks, workstation infestations and an attacker gaining physical access.
A common scenario is when an attack is simulated taking the perspective of an attacker who has already secured access to a standard workstation. In this case our team has access to a company laptop and this will be the starting point of the operation. Or perhaps a simulation in which we try to gain a foothold in your organization and start this without any access secured (yet).
The length of this phase relies on each attack simulation and varies from 4 to 5 weeks or even a number of months. Some attacks need to be performed over the course of a prolonged period to remain under the radar where required.
Now the operation is finished we will sit down together with the Blue Team in order to compare the attack plan and timeline in detail. A conclusion can be drawn towards the goals that were achieved, which issues were detected by the Blue Team and things that went unnoticed. With this we can jointly identify any weak spots in your organization and propose measures to counteract them.
After the evaluation, often additional measures will be implemented. In this phase we often provide support when implementing and testing new measures by replaying specific attacks so the effectiveness can be quantified. Additionally frequently awareness workshops will be organized for the Blue Team to, with the findings of the operation still being fresh, increase awareness within the Blue Team itself and potentially present internal Red Teaming specialists.
Our specialists are glad to drop by at your company to present to you our vision, experience and approach. Together we can then find out how Red Teaming will best fit your requirements, goals and budget.