Red Teaming

The scenario creation phase typically takes the form of a risk workshop, attended by key stakeholders in your organisation and the Red Team.

During this session, there will be a debrief of the threat intelligence (TI) detailing which threat actors are deemed to be most likely to target the organisation and a brief overview of the tactics and techniques which the threat actors have been seen to utilise. This information is then used to construct the scenarios to be played out during the next phase of the engagement.

We work with you to determine target systems. We have a robust and mature risk management methodology for testing live production environments. Paramount to this approach is a collaborative style to safeguard organisations and their interests while ensuring communication throughout.

During the workshop, we will work with you to introduce ‘fail-safes’ and additional controls to manage the engagement.

This phase constitutes the bulk of the testing, and our Red Team will execute the agreed scenarios. The team will work through the cyber kill chain in a cyclical methodology which will allow for the testing of people, processes and technology within your organisation, resulting in an accurate assessment of your defensive capability.

We make use of bespoke capabilities that simulate actions and attack methods of sophisticated threat actors. This unique tooling
allows for the use of a vast range of techniques and the simulation of a range of threat actors. The Red Team will customise the tooling to fit the individual scenario and the threat actor being simulated.
As the engagement progresses, we work towards gaining access to the defined objectives. This is typically achieved by cycling through the cyber kill chain until it is in a position where sufficient intelligence and privilege have been achieved to allow for access to the target systems.

All actions taken throughout the engagement will be logged and used during an optional Detection and Response Assessment (DRA).

We offer a post-engagement workshop to assess and collaborate with the defensive teams’ actions and gain complete insight into how your organisation defends against threats. We provide robust tactical and strategic advice, helping shape the future actions and road map for your security teams. 

We have developed custom questions aligned to the NIST Cyber Security Framework (CSF) to gain a holistic overview of your organisation’s defensive posture. Once fully sighted on these defences, we work alongside your teams to establish their timeline of events. This will then be compared with the timeline constructed by our Red Team to accurately establish potential areas of defensive improvement.

We work through any detections and subsequent response actions to help determine how effective, repeatable, and scalable the actions and surrounding processes were. This allows us to align any detections or alerts back to the MITRE ATT&CK framework.

Based on the information ascertained in this session, you can map out areas of current strengths and weaknesses. This allows you to fully understand your current security posture and create a roadmap for areas of focus.

Red teaming is a covert assessment that allows organisations to simulate real-world threats to assess how well their people, processes, and technologies (PPT) would stand up to a determined adversary. A large focus of red teaming engagements is not simply whether an adversary can breach the perimeter, but what will happen when they do.

The duration of a red teaming engagement can vary depending on the scope, objectives, and complexity of the organisation’s environment. Generally, engagements can last anywhere from a few weeks to several months. This timeframe allows the Red Team to conduct thorough reconnaissance, simulate realistic attack scenarios, and analyse the results to provide actionable insights. The goal is to ensure a comprehensive assessment that accurately reflects how your organisation would fare against real-world cyber threats.