Red teaming

Simulate real attacks
simulate attacks

What is a Red Teaming

Red Teaming is an exercise in which an organization is attacked by hackers. The group of hackers carrying out the attack is called the Red Team.

  • Red Teamin aanval

    Stage a real attack

    We attack your organisation, while you try to defend & mitigate.

  • Evalueer mogelijkheden

    Measure capabilities

    Evaluate your detection & response capabilities.

  • Vergroot veerkracht door Red Teaming Test

    Increase resilience

    Learn from a specific scenario to minimize real damage from a real attack.

  • Investeer obv Red Teaming Test

    Invest strategically

    Ground your security investments in evidence and real numbers.

Our team

We stage a planned (cyber) attack on your organisation while recording every step.


Your team

You try to detect & mitigate the incoming attack.


Red Teaming: A serious game

So you think your code, product and infrastructure are rock solid? Now it is time to test how your organization, your people and your processes deal with a real cyber threat.

Red Teaming is the ultimate test for organizations that have already developed a base maturity level in their security. By measuring how you react to a real attack, you can further ramp up your resilience and base your security investments on real insights and numbers instead of gut feeling and assumptions.

Our team

Meet your opponent

Our multidisciplinary team of seasoned and highly motivated professionals will stretch you to your limits to detect and mitigate the incoming attack.

Our typical team looks like this:

  • Red team lead
  • Sociaal engineering expert
  • Windows and Active Directory guru
  • Monitoring specialist
  • Malware-expert
Blue Team

Your Blue Team

The specialists in the Blue Team form the defence. This team is all about detection and prevention. It is their day job to ensure that the IT environment is secure. That someone without rights cannot get into systems and hackers cannot steal data or money. The goal is to neutralize all threats as quickly as possible.

The security guards also have all kinds of systems and methods at their disposal. Think of MFA, email filters, a SOC (Security Operations Center), SIEM (Security Information and Event Management), patch management and so on.

Your red teaming options

Based on level of sophistication.

  • Lichte Red Teaming Test

    Low - medium attacks

    Fully Tiber NL/EU aligned

    Entry-level attacks based on popular techniques that are relevant to your business.

  • Zware Red Teaming Test

    Medium - high attacks

    Fully Tiber NL/EU aligned

    Highly sophisticated and custom attacks that are nearly impossible to defend against.

Request a quote

Man typing document

Fair play

Winning the Red Teaming exercise is not our goal. We want to provide you with as many actionable insights as possible. Immediately after starting the attack, we keep you up to date and support you in your decision-making process.

The best lessons are learned when you operate just outside your comfort zone. Once we notice that you can successfully prevent, detect and respond to basic attacks, we slowly ramp up our sophistication level and stretch you to your limits.

red teaming metrics matrix

We ♥ Metrics

Our Red Teaming approach is based on the Unified Kill Chain (UKC), a science-driven real-world attack model that goes beyond the initial foothold phase and also takes network propagation and action on objectives into account.

By combining UKC metrics with the Mitre ATT&CK framework, we can generate a powerful number-driven overview of how your organisation has performed during the Red Teaming exercise.

The Red Teaming process

A Red Team Test always proceeds according to a preconceived plan. The scope, duration and purpose of the test is determined in consultation with the client.

The exploration

This is followed by the reconnaissance phase, in which the red team collects as much information as possible about the organization, the existing systems and the target of the attack. For example the crown jewels. The scenario is also created during this phase. The choice of scenario depends on how mature the IT security of the organization is. And whether an organization wants to know whether they can withstand a certain TA, where they will recreate the path of a certain TA.

The Red Teaming Test

This is followed by the Initial Foothold with which access to a system, a workplace or a user account is obtained. Once inside, the Red Team tries to extend control by increasing user permissions. They also try to achieve remote control over internal resources in the network. Then the search for the most valuable assets of the organization starts. Consider, for example, access to the payment system. This is the Trophy Hunt.

Yorick Koster, co-founder of Securify often has the role of Team Lead at Red Team Testing.


"Our Red Teams work according to the Unified Kill Chain (UKC). A method that maps all steps in an attack by hackers. We follow the same structure."

After the Red Teaming Test

After the test, the client is presented in a findings meeting what the Red Team has done and how far they have come. An extensive report also contains recommendations and advice for improving security. If desired, an advisory process can be started. In an advisory process, our security specialists help to solve the identified issues.

Want to execute a Red Teaming exercise?