Red Team Testing Shelter From The Storm

Red Team Testing

Effective, combined, real-world attack methodologies

Request a Quote

Red Team Testing

The premise of Red Team Testing is “know thyself”. Verify your defences against simulated attacks. Until you try and break into your home you will never know the effectiveness of your home security system. A Red Team test will do just that to your business. It will demonstrate the effectiveness of your overall information security management system.

In a Red Team engagement, our ethical hackers will deploy in a series of attack scenarios to identify and exploit vulnerabilities in your people, processes and technology, verifying the security baseline you believe you have established for the business. You don’t know what you don’t know until you test what you think you know.

The service combines technical security penetration methodologies against your systems with social engineering attacks against your workforce that try to circumvent your detection and prevention controls and gain access to your information assets. Attacks are specifically designed to validate the effectiveness of your incident identification & response practices; giving you a hackers view of your information and cyber security defence posture.

Risk Crew testing is scoped to meet your specific business or compliance requirements and certificates are issued for evidence of compliance, if required.

Security Testing Overview Download

Red Team Testing People Commuting

Features and Components

Our Red Team testing consists of a series of customised attacks with the objective to identify vulnerabilities and prevent future attacks.

Attack Methodology

Each one of our engagements is unique in scope, the attacks are individually designed to test your organisation’s people, processes and technology. Rules of engagement are developed in collaboration with you and all activities are coordinated with the appropriate stakeholders to ensure objectives are clear and business disruption does not occur.

Detailed Testing

The testing involves simulating attacks across a range of potential entry points, from 3rd party connections to web applications to both front-end and back-end systems to accessing facilities and manipulating employees for unauthorised access to information.

Comprehensive Reports

Upon completion, the Risk Crew Red Team will generate a detailed and comprehensive report of their findings and recommendations for improvement, providing time and date stamped, visual and audio evidence of successful penetrations. We will recommend applicable key risk indicators to be used to identify similar attacks in the future.

Risk Crew Deliverables

Risk Crew’s service provides a comprehensive report that details security vulnerabilities identified and specific actions for remediation, a courtesy workshop and on-call assistance.

Detailed Report

The report details specific vulnerabilities identified on the platform, how they were identified, methods and tools used to identify them and visual evidence if applicable. The report shall indicate a security vulnerability risk rating for risk reduction references.

Courtesy Workshop

The report is presented in a workshop with applicable business stakeholders to ensure their understanding of the findings and the risks associated with hosting the business information assets on the platform.

On-call Advice Assistance

We provide advice and assistance for 30 days following the report submittal and answer any questions that arise from implementing remedial actions and ensuring risk reduction.

Complimentary Retesting

We offer retesting to verify remedial actions were effective. Upon completion, we’ll provide you a summary report verifying remedial measures have been implemented.

Customer Promise

Risk Crew provides an unparalleled penetration testing solution covered by a 100% satisfaction guarantee.

Red Team Testing Benefits

A good Red Team engagement will both validate the effectiveness of your existing controls and identify previously unrecognised vulnerabilities in the people, processes and technology you depend on to protect your information assets. Knowing your weaknesses is more important than knowing your strengths.

Risk Crew’s Red Team penetration testing will:

✓ Provide a real-life measure of your organisations capability to identify real threats to real vulnerabilities and in real time

✓ Validate the effectiveness of your existing controls and identify previously unrecognised vulnerabilities in people, process and technology

✓ Help to prevent or appropriately identify and respond to unauthorised access attempts

Why Choose Risk Crew

Our experienced security engineers implement detailed Red Team Testing methodologies using proprietary and open-source tools ensuring they can effectively assess your businesses capabilities to detect and mitigate attacks against your business systems.

All engineers are thoroughly vetted and subject to in-depth professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Best Practice

Risk Crew follows best practices including OWASP and NIST

Accredited

Engineers carry CREST, C√SS, C│EH and GIAC credentials

Certified

Engineers hold ISACA CISSP, CISM and CRISC certifications

Subject Matter Experts

Risk Crew engineers are SMEs with published articles in industry journals & magazines

Test your organisation’s capability to detect, respond and recover from attempted intrusions.

  Request a Quote          Contact an Expert

Frequently Asked Questions

What is Red Team testing?
Technically, a Red Team is an independent group that challenges an organisation to improve its effectiveness by assuming an adversarial role or point of view – seeing the organisation through an adversary’s eyes. In an information or cyber security context, a Red Team is a group of ethical hackers that design and execute a series of coordinated technical and social engineering attacks on an organisation’s people, process and technology to simulate how an intruder could obtain unauthorised access to its systems or information assets.
What is the difference between a Red Team and a Blue Team?
In information security terms, Red Teams are external entities brought in to test the effectiveness of an information security risk management program. Blue Team refers to the internal resources charged with executing the information security risk management program and defending the business from a cyber-attack. The purpose of a Red Team is to identify ways to improve the Blue Team.
What's the difference between penetration testing and Red Team Testing?
A security penetration test is the methodology of identifying and attempting to exploit security weaknesses associated with an organisation’s technology systems to get unauthorised access or access to a specific target. Red Team Testing is the methodology of identifying and attempting to exploit weaknesses in an organisation’s people, process and technology systems to get unauthorised access to a specific target. Penetration testing is included in Red Team testing.
What are examples of typical Red Team exercises?
Typical Red Team exercises would include technical penetration testing, phishing or telephone pretexting staff for passwords or attempting to bypass office physical access controls in order to upload an unauthorised application (i.e. spyware). The specific attack methodology would be driven by the security awareness culture of the organisation.
What is a Red Team methodology?
A Red Team testing methodology should be a flexible framework bespoke to the target organisation’s culture and objectives and at minimum be comprised of the following activities:
  1. Establishing the testing scope (people, processes, technology)
  2. Establishing the rules of engagement
  3. Establishing the testing target(s) and/or objective(s)
  4. Establishing the testing timelines
  5. Conducting target reconnaissance and intelligence gathering
  6. Designing the attacks (people, processes & technology)
  7. Executing the attacks
  8. Evidence tagging
  9. Report of findings & remedial recommendations
  10. Provide metrics for future testing