Red Team Operations

Selkirk Cyber offers Red Team Assessments, which are similar to Penetration Testing but have a few key differences. A Red Team operation has a specific goal, set in the rules of engagement before the assessment starts. The goal isn't to find as many vulnerabilities as possible (like a pentest or vulnerability assessment), but to test the organization's detection and response capabilities. It may include WiFi pentesting, social engineering and other TTPs which other assessments may not include. Red Teaming should help answer the following questions:

  • "Would our team or 3rd party IT service provider even detect a threat actor on our network?"
  • "How far could an attacker get in our network if they gained access?"
  • "Could they gain access to our most sensitive systems or our organization's crown jewels?"

A Red Team operation should simulate the whole gamut, from testing the currently implemented security features through detection and response.

Red Team Assessment Process

Scoping

The first steps are to define the scope of systems and outline the mission objective. The timeframe to conduct a Red Team Assessment will vary depending on the scope of the network(s) and business needs. Typically a normal assessment would be 2 to 3 weeks plus an additional 1 week for the report to be delivered. These dates can be extended or reduced depending on business needs.

Whether the operation should start internally or externally is also discussed during these initial steps. One option is to start externally, then, if initial access cannot be obtained within n days, move internally with assistance from users "in the know". This can be done to simulate an insider threat or to simulate a remote attacker who has already gained access.

Rules of Engagement

Selkirk Cyber will also provide a baseline of the Rules of Engagement (RoE), which outline the Tactics, Techniques, and Procedures (TTPs) that will be used during the pentest along with what's off-limits. These can be discussed to include additional onsite red team activities such as WiFi operations, phishing, or other red teaming TTPs.

Red Team Operation

Once the in-scope items are set along with the agreed-upon RoE, we'll set a date and timeframe, then begin the red team engagement. Selkirk Cyber will predominantly conduct the operation off-hours during the week, as well as on weekends. These times can differ depending on the requested TTPs and the RoE, primarily with regard to successful social engineering attempts. Operators are all qualified US citizens, and the work will never be outsourced to a foreign country.

Reporting

The report will contain the exploitation path and chain of attacks used to complete or attempt to complete the mission objective. A Proof of Concept detailing the methods used will also be outlined in the report. Since a Red Team Assessment isn't about finding a bulk number of vulnerabilities, the report format will be more of a timeline of what was found and how it was done.

Get Started

After a red team assessment is complete, your business will know if the mission objective was successful, what vulnerabilities were discovered, what machines were accessed and how they were accessed, along with any detection or incident response activities that were triggered as a result of the red team engagement.

Specializing in security, we offer competitive pricing and a more tactical approach to network security than the big-box IT service providers. These providers typically don't specialize in security and may outsource the tasks to foreign entities. If you'd like to utilize our Red Teaming services, please contact us to get started.