What is it?
A Red Team exercise is an all-out attempt to achieve the defined objectives by any methods available, and usually includes internal and external penetration testing, compromising wireless networks, physical access, and other social engineering techniques.
Ready or not
Red Team exercises are performed using a black-box testing approach where no prior information about the target organisation is given. In addition, during a Red Team engagement the defending side are often unaware of the exercise and is expected to respond as it would during a genuine attack.
These will include:
- Evading defences and gaining a foothold
- Obtaining administrator user privileges, remote access and lateral movement
- Once inside the system, acting on the objectives and the exfiltration of data
Thinking like an adversary
Claranet Cyber Security follows the seven stage cyber attack lifecycle, coupled with the Mitre ATT&CK framework for the latter assessment stages. Discovery of all security weaknesses are reported with a response improvement plan.