Red Teaming

Red teaming is a complete, multi-level simulation of an attack against an enterprise. The red team's main goal is to train and measure your blue team's ability to detect, protect and react when facing a real attack. Compared with a traditional penetration test, red team assessments often run over several weeks or even months, which allows the attackers (the so-called red team) to take a stealthier and more selective approach.

Penetration Test vs Red Teaming

Whereas penetration tests and security assessments often focus on a very specific aspect of your company's infrastructure, its assets and related vulnerabilities, a red team attempts to measure the effectiveness of the whole enterprise (people, technology, processes and physical elements) in defending its IT infrastructure. A red team assessment can answer the question of whether your implemented cyber security measures, crisis concept, detection mechanisms, processes and monitoring work well together and are able to detect and react to state-of-the-art attacks.

Black-Box Approach

To simulate such an attack, the red team is given no information about the target and has to work its way from the outside all the way into the heart of your company's infrastructure. This involves techniques like information gathering via open source intelligence (OSINT), social engineering attacks like phishing, and the use of sophisticated, tailored software to gain access to and maintain control over the target infrastructure.

Mission Possible

In order to challenge the blue team and your company's defenses, the red team exercise is based on missions which are defined in collaboration with the customer. These missions are specifically tailored to your company and usually involve key business-critical assets and systems. This may include access to core systems or sensitive data, modification of the company's public-facing assets or the exfiltration of data.

 

Lessons learned help to raise defenses

At the conclusion of the red team assessment, and as its most important part, debriefing workshops are held between the red team and the blue team (your cyber defense team). These workshops serve to identify and assess the capabilities of the blue team, provide it with detailed information about the performed attacks (such as indicators of compromise (IoC) according to the MITRE ATT&CK™ tree), identify potential blind spots and ultimately improve the overall security posture and resilience of your company.
