Advanced ‘Red Team’ assessments utilize an incredible amount of human security engineering expertise to fully understand the threat impact of a real cyber-attack against your organization. If you need a full scale ‘no holds barred’ cyber attack launched at your organization or specific assets, Redspin’s Red Team assessments offer unparalleled insights into your security posture.
Each Red Team engagement is unique and specifically tailored for every organization, but usually include the following scopes of work:
- Internal and External Network Penetration Testing
- Web, Mobile, and SaaS/Cloud Application Penetration Testing
- Social Engineering (Phishing, Vishing, Phone, In-Person)
TALK TO A REDSPIN
Red Team Overview
Within each of the scopes of work, a Red Team assessment analyzes and assesses the following areas:
Identify Data Leaks
— Initially through ‘zero packet reconnaissance’ and open source intelligence (OSINT) vectors.
Assess Security & Attack Vectors
— Initially of Internet-facing networks by probing open ports and services.
— Initially any vulnerable or misconfigured systems, services, and infrastructure.
— Gather information and pivot to internal networks through phishing, vishing, phone, and in-person based campaigns.
— Facility/location breaches through the use of long-term surveillance and intelligence gathering.
Redspin’s Red Team uses decades of combined experience, best practices, top-shelf tools, and the latest threat intelligence to give you comprehensive security testing and findings. The result from this process is usually compromised networks and applications. The deliverable is an actionable, risk-rated, and prioritized report with detailed recommendations to understand overall risk and potential impact on the organization.
Red Team Assessment Methodology
Phase 1: Passive Reconnaissance: Zero Packet Reconnaissance and Open Source Intelligence (OSINT)
Phase 2: Active Reconnaissance: Network Scanning, Surveillance, and Social Engineering
Phase 3: Infiltration: Exploitation of Infrastructure, Applications, and Employees
Phase 4: Internal Network Pivoting and Exploration: Expand access and control, identify sensitive data
Phase 5: Data Exfiltration: Demonstrate data is accessible and can be stolen without detection
Penetration Testing Services
Redspin’s security assessment services are designed to lower risk and protect data. By tailoring the right combination of network/infrastructure, application/service, and personnel security testing… We can ensure the best return on your investment.