Red Team Security Exercises (RTSE)

RED TEAMING

Simulating Real World Attacks – Before They Become Real. Redbot Security performs multiple successful Red Team Engagements yearly. Please book your engagement in advance to ensure scheduling meets your expectations.


Red Teaming

The RTSE is designed as a real-world exercise focusing on our client’s ability to identify, track, disconnect, and clean up a potential or actual breach by a malicious actor. In the event that the security testers are discovered, Redbot Security typically initiates a 2-week back-off period before attempting to continue the exercise. This may extend the timeline beyond the initially scoped 12-14 week period.

In order to avoid detection, Redbot Security anonymizes its traffic and uses various technologies to route it across the internet so that it appears to originate from multiple US and non-US points of origin. Redbot Security keeps a log of source IP addresses and timestamps correlating to RTSE-specific traffic. On request, clients use this log to distinguish exercise traffic from real-world traffic.
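One way a defender can use that log, as an added example that is not Redbot Security's own tooling: match SIEM alerts against the red team's declared source IPs and time windows, so that an alert from a declared IP outside its declared window stays in the queue as potentially real. The log and alert formats, IP addresses and timestamps below are constructed assumptions.

```python
"""Deconfliction check: tag SIEM/firewall alerts that match the red team's
declared source IPs within the declared time windows (constructed sample data)."""
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample of a red team IP/timestamp log (not a real engagement log).
# Each line: source IP, start and end of activity from that IP (UTC).
RTSE_LOG = """\
203.0.113.7,2024-03-04T09:00:00,2024-03-04T11:30:00
198.51.100.23,2024-03-04T13:15:00,2024-03-04T13:45:00
"""

# Constructed sample of alerts exported from a SIEM: timestamp,source_ip,event
ALERTS = """\
2024-03-04T09:12:44,203.0.113.7,Suspicious login attempt on VPN portal
2024-03-04T10:02:10,192.0.2.55,Suspicious login attempt on VPN portal
2024-03-04T13:20:05,198.51.100.23,Outbound beacon to unknown host
2024-03-04T15:00:00,198.51.100.23,Outbound beacon to unknown host
"""

SLACK = timedelta(minutes=5)  # tolerance for clock skew between the two sources


def parse_rtse_log(text):
    """Return a list of (ip, start, end) tuples from the red team's log."""
    windows = []
    for line in text.splitlines():
        ip, start, end = line.split(",")
        windows.append((ip_address(ip),
                        datetime.fromisoformat(start),
                        datetime.fromisoformat(end)))
    return windows


def classify_alerts(alert_text, windows):
    """Label an alert 'exercise' only if its source IP was declared by the red
    team AND it fell inside that IP's window (plus SLACK); else 'unattributed'.
    A declared IP seen outside its window is deliberately NOT written off."""
    results = []
    for line in alert_text.splitlines():
        ts, ip, event = line.split(",", 2)
        when, src = datetime.fromisoformat(ts), ip_address(ip)
        match = any(src == w_ip and w_start - SLACK <= when <= w_end + SLACK
                    for w_ip, w_start, w_end in windows)
        results.append(("exercise" if match else "unattributed", ts, ip, event))
    return results


if __name__ == "__main__":
    for label, ts, ip, event in classify_alerts(ALERTS, parse_rtse_log(RTSE_LOG)):
        print(f"{label:12} {ts} {ip:16} {event}")
```

The fourth sample alert comes from a declared red team IP but two hours after its declared window, so it is left unattributed for the SOC to investigate as a possible real event.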

Custom Scoping

Our expert team takes pride in developing the right scope for your project.

Timeline Delivery

Our service delivery is designed to exceed expectations, to ensure you meet your deadlines. Book your red team engagement in advance.

Proof of Concept

Complete Proof of Concept to show manual testing efforts with detailed storyboard of findings.

Sr. Level Support

Our primary goal is to ensure that your network is secure. We go the extra mile, are engaged, and continuously strive to be your ongoing security partner.

Case Study

  • Client: Legal
  • Red Team Security Exercise (RTSE)
  • Engagement: 12 weeks, internal

Coming soon.

What is a Red Team Security Exercise?

Red Team Security Exercise (RTSE)

A Red Team Security Exercise is a highly skilled security exercise that requires the client’s internal teams to refine and perform identification, containment, reporting, and remediation in the face of an attack on their organization from any angle. Traditional penetration testing is loud, and its focus is on identifying as many threats as possible to an application, system, or network in a typically short amount of time. An RTSE instead focuses on the client’s internal security personnel and the controls in place to detect and defend the organization against a persistent threat actor over a much longer period of time.

While detailing every step in the Redbot Security RTSE process is unrealistic, clients can expect the following:

Phase 1 (Intelligence Gathering)

  • Open Source Intelligence Gathering (OSINT)
  • Vishing and social engineering while posing as prospective clients, vendors, etc.
  • Benign phishing to establish trust and collect data (no malicious payloads or code injection)
  • Form an attack plan for Phase 2
  • Custom-build payloads in an attempt to evade detection

Phase 2 (External Operations)

  • Map the attack surface
  • Active exploitation of technical vulnerabilities
  • Multiple spear-phishing engagements with active payloads
  • Attempt to bypass MFA if present
  • Upon successful exploitation, execute the necessary steps to maintain a persistent connection
  • Attempt to gain access to the internal network

Phase 3 (Internal Foothold – First Round)

  • Maintain a persistent connection to the internal network
  • Deploy custom malware
  • Evade detection
  • Elevate privileges
  • Attempt to exfiltrate data or plant flags

Phase 4 (Onsite Operations) – Optional

  • Wireless network penetration testing
  • Physical security assessment and attempt to bypass security controls and personnel
  • Physical break-in may occur during the day, night, or both
  • Social engineer personnel for access
  • Deploy RATs, Screen grabbers, cameras, and audio surveillance equipment
  • Clone badges
  • USB drops
  • Employment interview or similar

Phase 5 (Internal Foothold – Second Round)

If an organization does not want to proceed with Phase 4 (Onsite Operations), or if all other phases were unsuccessful, the organization can opt for a malicious insider approach using one of the following:

  • RAT/Dropbox deployment (physical deployment to a random internal location)
  • Malware infected host (Direct download)
  • VPN Access with a user account

Phase 6 (Reporting & Review)

Redbot Security conducts a modified purple team exercise to verbally communicate actions and observations with the Company’s internal security team. As needed, Redbot Security will replay attack techniques to help the Company’s internal security team refine its controls and gain a deep technical understanding that increases the likelihood of detecting anomalies.

Redbot Security will write a report detailing, step by step, all actions performed during the RTSE.

Additional Services

IT Network Penetration Testing

Redbot Security provides true manual penetration testing services that will simulate real-world attacks against your networks. Both External and Internal Network Testing can be performed from a remote perspective.

Application Penetration Testing

Redbot Security’s hybrid approach to web application penetration testing and mobile application penetration testing draws on industry-leading frameworks and combines them with senior-level talent with over 20 years of experience.

Social Engineering

Redbot Security mimics a malicious entity intent on gaining access to internal networks, systems, documents, and proprietary information through physical and electronic tactics.

Wireless Penetration Testing

Wireless Network Penetration Testing is a proactive step your company can take to ensure the security of your wireless networks. Redbot Security provides the industry’s most comprehensive onsite wireless security testing.

OT Network (ICS/SCADA) Testing

Redbot Security provides an outside-in approach, offering holistic testing for ICS/SCADA environments and a recommendation methodology that aligns with the defined scope and expectations of the Company.

Cloud Security

Redbot Security’s Cloud Security Review focuses on private and public architecture, policies, and permissions in production and development cloud environments for:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure (Azure)