Red Teaming


Your organization is under attack. The volume and sophistication of targeted and opportunistic attacks are increasing. Cyber fraud, ransomware, supply chain attacks, or insider threats are just some of the threats you face. Test how well your cyber defenses hold up against realistic malicious actors through Red Teaming.


Digital breaches happen daily, but you never know when your organization will be hit. Preparing for such events requires more than deploying security controls. It also requires an evaluation of how well those security controls hold up against real-world attackers and how well your defenders react to these events.


Discover more about Red Teaming:

  1. What is Red Teaming?
  2. The process of a Red Teaming attack
  3. Different types of Red Teaming
  4. Secura's Red Teaming Team

What is Red Teaming?


Red Teaming is a security discipline originating in the military arena that simulates full-spectrum cyber-attacks. It allows you to measure the effectiveness of your cyber defenses against malicious actors, and it allows your defenders to practice their detection and response capabilities in a controlled environment and to validate or refine them. Lastly, the Red Team can expose gaps in your overall security defense capabilities by targeting your organization as a whole, without being confined by the constraints of a regular pentest.


Suppose you want to know how good you are at detecting spearphishing attacks by sophisticated cybercrime actors or whether your detection capabilities are indeed seeing Advanced Persistent Threats (APTs). In that case, there is only one way to know, and that is to test these processes by performing these attacks as a malicious attacker would. The Red Team will simulate the attack. The Blue Team, responsible for defending, can be involved in various ways (or not at all). The White Team (the observers) can escalate and de-escalate when necessary.

The Process of Red Teaming


After careful consideration and planning, our consultants will go on the attack and attempt to access your so-called 'crown jewels' in any way possible. Depending on the target, Secura will use a mixture of offensive social engineering and computer network attack techniques, as a real-world malicious actor would. Techniques used include mystery guest visits, phishing, vishing, attacks from the internet, and network attacks within your internal networks.

Step 1: Planning and Preparation

Managing the process starts with planning and careful preparation. A dedicated project manager works together with the Red Team lead and the White Team to create a schedule and a dedicated set of rules of engagement. Throughout the engagement, this schedule is followed and adjusted where necessary. Risks and scenarios are assessed on an ongoing basis.


Step 2: Reconnaissance

An important objective is to emulate realistic scenarios, using techniques and methods precisely like those used by real attackers. This is where the ‘Threat Intel’ comes into play.

If an attacker were to see your organization as a target and wanted to learn as much as possible about your internal processes, infrastructure, and data, what could they find out? Any Red Teaming strategy starts with an information position, and the better the position, the better the strategy. A lot can be found out about a company and its employees by using Open Source Intelligence (OSINT), social media, and websites or technical forums. At a later stage, physical access, social engineering, and phishing can be used. Everything combined, a wealth of information can aid an attacker (and the red team) in their attacks.


Step 3: Exploitation

Delivering a malicious payload into the target network can take many forms, but currently the easiest and most efficient is, again, (spear)phishing. It can be used to harvest credentials for core applications and to deliver malware directly. However, a payload can also be delivered through a physical USB device, a rogue network device, or a compromised laptop. In all cases, the delivery leads to the following step: exploiting a vulnerability to gain a foothold.


Step 4: Post-exploitation

Gaining a foothold is achieved by successfully delivering an exploit, executing it, and not being detected while doing so. This usually results in a compromised system in the target's network. The compromise itself can take the form of installing our custom, 'controlled' malware. Moving through the network, closer and closer to the crown jewels, we pivot from one server with specific access rights to another with more privileges. Gaining domain administrator rights in a Windows network is usually the last step before access to the crown jewels can be achieved.


Step 5: Exfiltration

Once the crown jewels (or anything else of interest, such as captured network traffic, the database of domain password hashes, or the Exchange email server database) have been reached, it is time to exfiltrate this data. This tests detection capabilities on outbound traffic and detection of transfers of funds (as well as the capability to respond to these actions). When this has been achieved, the attack chain has been fulfilled.


Step 6: Clean Closure

Clean closure does not only mean managing the leftover digital remnants of the executed attacks. It also means providing the Blue Team with one or more evaluation sessions in which the full timeline is replayed in a workshop, maximizing learning and awareness. The clean closure and evaluation also include a detailed report and our perspective on your overall security maturity within your threat landscape.
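Step 5 tests whether the Blue Team notices outbound traffic that does not belong. As an added example that is not part of Secura's page or tooling, the detector below aggregates outbound bytes per internal host and external destination from constructed firewall-style log lines and flags pairs whose volume exceeds a baseline, ignoring an allowlist of approved bulk-transfer endpoints. The log format, host names and thresholds are all assumptions for illustration.

```python
"""Added example (not Secura's code): flag internal hosts that push an
unusual volume of data to a single external destination."""
from collections import defaultdict

# Constructed log lines (assumed format): timestamp, source host,
# destination host, bytes sent outbound.
SAMPLE_LOG = """\
2024-05-01T09:00:12 ws-017 mail.corp.internal 4096
2024-05-01T09:05:40 ws-017 cdn.example-public.net 12000
2024-05-01T09:07:03 ws-042 paste.example.org 2048
2024-05-01T09:12:55 ws-017 cdn.example-public.net 8000
2024-05-01T09:20:10 ws-042 paste.example.org 450000000
2024-05-01T09:31:44 ws-042 paste.example.org 380000000
2024-05-01T09:45:01 ws-088 updates.example-vendor.com 150000000
"""

# Destinations ending in this suffix are internal and not exfiltration paths.
INTERNAL_SUFFIX = ".internal"


def parse_log(text):
    """Parse the constructed log into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        events.append((ts, src, dst, int(nbytes)))
    return events


def outbound_volume(events):
    """Sum bytes per (src, dst) pair, counting external destinations only."""
    totals = defaultdict(int)
    for _, src, dst, nbytes in events:
        if dst.endswith(INTERNAL_SUFFIX):
            continue
        totals[(src, dst)] += nbytes
    return dict(totals)


def flag_exfiltration(events, baseline_bytes, allowlist=()):
    """Return sorted (src, dst, total) tuples whose external volume exceeds
    the baseline and whose destination is not an approved endpoint."""
    flagged = []
    for (src, dst), total in outbound_volume(events).items():
        if dst in allowlist or total <= baseline_bytes:
            continue
        flagged.append((src, dst, total))
    return sorted(flagged)
```

With a 100 MB baseline and the vendor update server allowlisted, only ws-042's transfers to paste.example.org are flagged; the baseline should be derived from each host's normal traffic rather than a fixed number.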


Types of Red Teaming


As a security discipline, Red Teaming is gaining in popularity in all sectors, from financials to public organizations and even (critical) industry. Secura, however, believes that there is no single Red Teaming program that fits every type of organization. That's why Secura uses service levels for Red Teaming, differentiated by the depth, variety, and duration of the Red Team assessment. This allows you to choose, in consultation with our Red Team managers, which service level is the right fit for your organization and budget. In addition, all service levels work with the MITRE ATT&CK framework and offer the opportunity to work in a Purple Teaming setup (a combined effort between Red and Blue).


Red Teaming entry level:

Are you up for the next step after pentesting? This approach uses the strengths and benefits of a full-scale Red Team assessment combined with freely sharing essential requirements, so the heavy lifting is a shared effort between the Red Team and your organization. This results in an attractive budget while still targeting your employees' physical and digital security and security awareness.

We have a dedicated offering for healthcare providers (ZORRO assessments) and small and medium enterprises within the entry level.


Traditional Red Teaming in IT

A full-blown attack simulation where the Red Team works as a completely independent group. Extensive threat landscape analysis and reconnaissance will be condensed into challenging attack scenarios. Secura offers two options based on the maturity of your incident response and detection capabilities.


Red Teaming in OT

Similar to traditional Red Teaming, but with a specific focus on generating low-volume, simulated high-impact events on your ICS and SCADA control systems. Attackers targeting these environments use different tactics, which results in a tailor-made process that also mitigates any risks to the operational environment.


TIBER

TIBER stands for Threat Intelligence Based Ethical Red Teaming and is part of the financial sector's effort to improve cyber resilience under the guidance of the Dutch National Bank. Secura can act as a Red Teaming Provider (RTP), complying with the RTP requirements in the TIBER-NL guidelines.


Crisis management

Secura confronts your crisis management team with a challenging but realistic cyber threat incident aimed at testing cooperation and coordination. During a one-day tabletop session, your team will be presented with so-called injects, providing a realistic feel in a simulated and controlled environment. Such a tabletop session is beneficial for developing your cyber crisis management skills and preparing the team for other high-impact incidents.

Secura's Red Teaming Team!


An attacker uses a vast arsenal of tools to abuse all aspects of your digital security, such as technology, physical security, and human behavior, to access your most important crown jewels. Mimicking this type of attack requires a team of experienced hackers and social engineers with the proper knowledge, broad experience, and many specialties. Secura has built this knowledge, experience, and these specialties into its team over the past twenty years. Our multidisciplinary team therefore consists of top specialists with knowledge and experience in the three security domains: technology, physical security, and human behavior.

Secura's experience in red teaming, combined with our capabilities, passion, and industry-specific experience, provides our clients with the best possible foundation for clean, solid execution and management of Red Teaming engagements.

