Retest performs security scanning

Red Teams gives a real inside/outside perspective

A red team exercise is a series of realistic attack scenarios played out. It is a so-called black box test where the consultants (whitehat hackers), using both general pentesting tools and tools made for the specific task, try to exploit vulnerabilities across your organization. This is done without any interference or assistance from your side. The Red Team exercise is not limited to a single system, but to all available systems.

Benefits of ReTest Red Team

  • OSINT – Learn what information an attacker can find out about you that can be exploited in an attack
  • Document how a realistic attack can be carried out and how far attackers can get into your business
  • Find out how your cyber defense would fare
  • Uncover the consequences of an attack

 

The Red Team exercise presents you as you look from a hacker’s perspective

When a hacker targets your business, it often happens through systems where monitoring and security are not prioritized. For example, test systems that have been mistakenly made available on the network or proprietary applications that have not been security updated. By compromising one of these systems, the hacker will be able to gain access to your underlying network and internally accessible applications. The way in can also present itself from many other angles.

A red team follows the methodology of a targeted hacker attack, where information gathering is a significant part of the test. This gives you a real inside/outside view of which systems a hacker will typically target.

How is a red team exercise performed?

The consultants perform a passive information gathering based on an open source intelligence (OSINT) approach. Here, relevant information about your systems, setups and employees is mapped. Then an active intelligence gathering is performed using pentesting tools that examine the systems that have been assessed as relevant. If these systems have known vulnerabilities, these will be exploited as the next phase of the test, in order to document that we can gain access to the systems. The following elements will – as far as possible – be included in our red team exercises:

  • Attempts to bypass physical access control.
  • Mapping the attack surface.
  • Social Engineering (phishing tests etc.)
  • Planting equipment on network (physical)
  • Web application testing and attacks on remote facing systems
  • Credential stuffing (testing leaked passwords)
  • Testing potential vulnerabilities on exposed devices

How often is a red team exercise performed?

A red team exercise is extensive. It is typically performed once every one to two years at larger organizations. If extraordinarily large changes are made or new critical systems are implemented in the infrastructure, this may also be the reason. If you move to a new location with new physical security controls, this can also be a reason for a red team exercise.

The exercise may also come into play if the board decides that a realistic test of cybersecurity is needed after investing in the area.

Reporting

The work culminates in the preparation of a detailed report that documents the choice of methodology and test cases and provides prioritization of vulnerabilities and suggestions for mitigation. The report will be in two parts, a management summary that briefly describes your current IT security level in non-technical terms and then a technical section describing the vulnerabilities found and, most importantly, how to fix them and thus make a potential attack more difficult. We would like to hold a debriefing meeting with your IT people and a separate meeting for the rest of management.

Get in touch with us below to receive a dummy report.

I would like to receive a call

Use the contact form and we will call you back within 12 hours.

5 + 4 =

Contact us

Phone number

+45 77 41 44 14

Email

[email protected]

Address

Hørkær 26
2730 Herlev, Denmark