Red Teaming: Targeted attacks to assess the security of your company

The endangerment on companies and institutions due to targeted attacks is steadily increasing. With such an attack on your company network, we simulate an Advanced Persistent Threat, thus checking your IT security measures. For this purpose, the red team (the attackers) does not receive any other information than the company name. Therefore, it performs an attack as a black box test from an external viewpoint.

In doing so, three key aspects of corporate security are considered:

• System security
• Processes
• Know-how and raising awareness of the employees

A red teaming test is comparable to a firefighting exercise. The red team sets fire so you can check whether you are able to react appropriately in an emergency and therefore put out the fire.

Red teaming offers various findings for different corporate departments. A red teaming assessment will answer the following questions:

• CSIR: Do we recognize targeted attacks and are we able to repel them?
• Corporate management: Is an attacker able to undertake the company IT within x days?
• Compliance/revision: Are required procedures available and are they being maintained?
• Training instructors: Are further awareness measures required?

Red team projects are carried out for several months and usually run through the following project phases:

• Kick-off workshop
• Digital public footprint
• Information gathering
• Persistence in the corporate network
• Social engineering
• Compromising systems and services
• Privilege escalation
• Actions on objective
• Triggering protective systems and processes
• Rectification of the Advanced Persistent Threat simulation
• Documentation

A red teaming assessment usually also includes social engineering attack vectors. In most cases, these are difficult to implement due to internal guidelines and the corporate structure. For this reason, SySS offers the possibility of performing a solely technical red teaming assessment.