What is red teaming?
San Tsu in his famous book the “Art of war” said
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat”.
To defend against criminals and cyber attackers you need to think like one of them. Red teaming is adopting adversaries approaches to test the organization’s defenses.
Why do you need a red teaming?
At INTELLISEC SOLUTIONS, we designed our services to simulate external adversaries. Our realistic red teaming engagements will mimic the techniques, tactics, and procedures (TTP) used by motivated black hat hackers to test the effectiveness of your defenses. The controlled attack scenarios are crafted based on predefined goals and objectives according to your needs. If you are looking for a more objective-centric assessment, red teaming is your suitable selection. Pentesting is based on finding as many vulnerabilities as possible and exploiting them but red teaming is more focused on specific goals.
Furthermore, INTELLISEC SOLUTIONS offers purple teaming services. Purple teaming is a methodology where red teams and blue teams are working closely. In purple teaming assessments attack and defense are all predetermined to provide a more effective security approach.
When performing red teaming engagements, Intellisec Solutions follows the Red teaming life-cycle. The life-cycle goes through the following steps:
- Initial compromise
- Privilege Escalation
- Internal reconnaissance
- Lateral Movement
- Data analysis
After every red teaming engagement, Intellisec Solutions provides a clear report that includes the following sections:
- Executive summary
- Technical report that includes: the methodology, defined goals, attack findings and analysis, and the recommendations
- Appendices: used tools, screenshots, detailed logs, exploits, and so on.