Red Teaming

Red teaming describes a complete, multi-level simulation of an attack against an enterprise. The red team's main goal is to train and measure your blue team's ability to detect, protect and react when facing a real attack. In comparison with a traditional penetration test, red team assessments often take place over several weeks or even months to allow for a more stealthy and selective approach by the attackers, the so-called red team.

 

Penetration Test vs Red Teaming

Whereas penetration tests and security assessments often focus on a very specific aspect of your company's infrastructure, its assets and related vulnerabilities, a red team attempts to measure the effectiveness of the whole enterprise (people, technology, processes and physical elements) in defending its IT infrastructure. A red team assessment can answer the question of whether your implemented cyber security measures, crisis concept, detection mechanisms, processes and monitoring work well together and are able to detect and react to state-of-the-art attacks.

 

Black-Box Approach

To simulate such an attack, the red team is given no information about the target and has to work its way from the outside all the way into the heart of your company's infrastructure. This involves techniques like information gathering via open source intelligence (OSINT), social engineering attacks like phishing and employment of sophisticated, tailored software to gain access and maintain control over the target infrastructure.

 

Mission Possible

In order to challenge the blue team and your company's defenses, the red team exercise is based on missions which are defined in collaboration with the customer. These missions are specifically tailored to your company and usually involve key business-critical assets and systems. This may include access to core systems or sensitive data, modification of the company's public-facing assets or the exfiltration of data.

 

Lessons learned help to raise defenses

At the conclusion of the red team assessment – and simultaneously the most important aspect of it – debriefing workshops are held between the red team and the blue team (your cyber defense team). These workshops serve the purpose of identifying and assessing the capabilities of the blue team, providing it with detailed information about the performed attacks (such as indicators of compromise (IoC) according to the MITRE ATT&CK™ tree), identifying potential blind spots and ultimately improving the overall security posture and resilience of your company.

 

 
