Red teaming is a comprehensive, multi-faceted simulated attack assessing an organization's risk and vulnerabilities across personnel, processes, and technology. Ethical hackers identify and test weaknesses using social engineering and stealth, making it ideal for organizations with strong security programs seeking more than a standard penetration test. To maximize value, define at least five goals for testers, such as obtaining domain admin access, unauthorized payroll data access, compromising critical network components, deploying ransomware on test data, or accessing credit card or sensitive PHI information.
A timed approach where our team tries to get access to a specific objective or goal from the outside.
A split approach where our team sets a specific number of days to attempt to penetrate the network from the outside, followed by another specific number of days in an assumed breach scenario to see what damage can be done if someone obtains access.
Begins with a black box assessment to simulate various external threat actors
Evaluates the likelihood of a remote compromise via phishing or external perimeter
A stealthy approach tests your blue team’s capability to quickly identify and respond to active threats and gaps
Blue team will be in the dark about when and how the simulated attack will occur
Identify users that would be most vulnerable, or most targeted by attackers and see how they react to active attacks
See how exposed your most valuable data is if it were targeted
Ethical hackers simulate realistic attack scenarios using OSINT and threat intelligence
Test objectives that would cause significant damage to your organization’s assets, reputation or regulatory compliance
Blue team will be in the dark about when and how the simulated attack will occur
Conduct a red team and blue team replay session to determine areas of strength and improvements
Targeted phishing campaigns against users depending on role
Evaluate password strength as external login portals are tested for weaknesses
Test internal controls to simulate a compromised end-point stealthily
Conduct search engine discovery and reconnaissance for information leakage
Assess response times to social engineering and network attacks
Exploit identified vulnerabilities and misconfigurations
Red Teaming | Objective-Based Penetration Testing | |
---|---|---|
Ability to Set Custom # of Days | Yes | No |
Advanced, Tactical, and Specialized Attacks | Yes | No |
Stealthy Attack | Yes | No |
Network Security | Yes | Yes |
Email Phishing | Yes | Yes |
Antivirus Bypass | Yes | Yes |
Adversary Simulation | Yes | Yes |
Physical Security Attacks | Yes | Yes |
Social Engineering (Phone / In-Person) | Yes | Yes |
Authentication Attacks | No | Yes |
Cryptography Attacks | No | Yes |
Ransomware Assessment | No | Yes |
Active Directory Bloodhound Assessment | No | Yes |
Active Directory Password Audit | No | Yes |
Packetlabs' security testing methodology is based on industry standards and is primarily aligned with the MITRE ATT@CK for Enterprise framework to ensure that real-world tactics, techniques, and procedures are conducted against an organization in order to test the organization’s security posture.
Download MethodologyDownload our buyer’s guide to learn everything you need to know to successfully plan, scope and execute your penetration testing projects.
Download GuideSeptember 27 - Blog
InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.
September 26 - Blog
Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.
August 15 - Blog
It's official: Packetlabs is a partner and attendee of Info-Tech LIVE 2024 in Las Vegas. Learn more about event dates and registration today.
There's simply no room for a compromise. We’re here to help. Our team works with yours to ensure you reach your full security potential.