Adaptive Red Teams

We simulate advanced adversaries seeking to compromise your network and obtain defined sensitive “trophies.” We test both the feasibility of achieving trophies and the detection and response processes that your defenders exercise against threat actors.

Overview

Recon (1-2 Weeks)

  • OSINT
  • Analyze Attack Surface

Plan (2-3 Days)

  • Prioritize Plans
  • Create Phased Attack Maps

Prep (2-3 Days)

  • Approve Plans
  • Setup Infrastructure

Attack (5-6 Weeks)

  • Execute Plans
  • Attempt to Obtain Flags

Report (1 Week)

  • Report Results
  • Discuss Mitigations

Planning and Threat Modeling

Preparation Workshops

We conduct a workshop with you to discuss logistics, TTPs, and rules of engagement for the Red Team. The workshop further defines the trophies and goals for the exercise.

Threat Modeling

We model threats against the organization, including perimeter services and human resources. Threat modeling enables us to prioritize pursuit of both practical (exploitable) and more theoretical (what-if scenario) threats to the network, including identification of key system components, communication protocols, data flows, and integration with in-house, cloud and third-party systems.

Red Team Technical Testing

Over an extended period of time, and with an emphasis on stealth, we use combinations of Red Team techniques in attempts to capture the trophies:

  • Targeted Penetration Testing and Web Application Testing
  • Spear Phishing and Social Engineering Phone Calls
  • Multifactor Authentication Bypass
  • Persistent Remote Access
  • Service Desk Password Reset
  • Any other technical tactics required to acquire the flags

We follow the path of least resistance and only escalate attack methodologies when initial attempts fail.

Red vs. Purple vs. Pen

Red Team

Objectives:

  • Demonstrate the stealthiest path to compromise
  • Obtain pre-set flags such as application admin access or intellectual property

Approach: Low and slow with minimal knowledge of the test among stakeholders

Duration: 6-12 weeks

Output: Report describing path to compromise, strengths, and gaps

Purple Team

Objectives:

  • Simulate many attack patterns to measure defense effectiveness and identify areas to shore up in defensive tools
  • Align to MITRE ATT&CK framework

Approach: Technical workshop conducted side by side with a wide range of participants

Duration: 1-3 weeks, conducted quarterly

Output: Defense success metrics report, MITRE ATT&CK heat map, improved detection configurations for SIEM and other tools

Penetration Test

Objectives:

  • Assess internal and external networks for common and custom security flaws that can lead to widespread access to sensitive systems and data

Approach: Time-boxed, using a mix of manual and automated techniques for efficiency; all stakeholders have knowledge of the test

Duration: 2-4 weeks

Output: Report describing observations, impact and recommendations for all identified vulnerabilities