Red Teaming goes far beyond the boundaries of classic penetration testing by faithfully simulating the attacks of real-world hacker groups. Unlike penetration testing, where a certain degree of cooperation is generally required from the client, Red Teaming is performed as a black-box exercise: all information about the target is obtained in the course of the engagement. The initial intrusion is usually achieved through one of the many techniques offered by social engineering, or through an attack on Wi-Fi networks or external infrastructure. Red Teaming can also include physical penetration of the client's premises by the attacker, theft of sensitive data, connection of an unauthorized device to the internal network (the so-called drop box), or dumpster diving. Once the initial foothold in the network is gained, persistent access is established, privileges are escalated, and the objective is pursued. The objective can be obtaining domain administrator privileges, gaining access to a specified network segment or application, or exfiltrating predefined data. The recognized Cyber Kill Chain, Unified Kill Chain and MITRE ATT&CK methodologies form the basis of the internal Red Teaming methodology.