RED TEAMING VS. PENETRATION TESTING
As opposed to traditional testing, Red Team attacks are multi-layered and focus on the objectives rather than on the method, allowing our team to think outside the box to create innovative scenarios you may not have planned or prepared for, allowing to you to identify blind spots in your defence strategy. A Red Team attack scope primarily defines the don'ts (i.e. what cannot be done) rather than the do's, leaving our Red Team as unrestricted as an attacker would be.
Steps we follow during Red Team process:
Your lead consultant will discuss the objectives of the assessment as well as the methods, techniques and systems excluded and included from the scope of the exercise. You can also ask for specific methods to be included if you need to test a particular process or policy (access card cloning, random dropping of USB infected sticks, etc).
Timeframes will be discussed and agreed prior to commencement and will depend on the level of sophistication desired.
You will be notified one day prior to commencement by your lead consultant. Our Red Team will remain anonymous to not influence the results of the attack one way or the other.
Our Red Team will conduct reconnaissance activities, including physical surveillance, intelligence gathering, cyber scanning, to identify potential gaps in security controls and craft targeted and concerted attack scenarios which they will then execute.