Damian Strobel
Founder and CEO
"Red Teaming looks at IT security from all angles and is therefore the supreme discipline of IT security."
How is Red teaming defined?
An exact definition of red teaming is difficult to find, as it is usually a combination of the various tactics, techniques and procedures (TTPs) of real cyber threats (APTs). The easiest way to picture it is as a team of hackers trying to break into a company from the outside. As a rule, they are not limited to a particular method but can choose any path they deem appropriate (and which has been approved in advance by the customer).
Broadly speaking, the goal of a red team is to test a company's security by using the methods of a
real, sophisticated attacker. Ideally, this also tests the skills of the internal blue team or, if
necessary, an external MDR provider. In the best case scenario, they stop the red team's
activities.
Part of these activities is the enumeration of the victim's IT infrastructure, the general
collection of information but also the search for and exploitation of security gaps. Phishing,
social engineering or threat intelligence sources are also among the methods used by an external
attacker. Small problems that usually don't have a big impact in isolation can combine to become a
major problem and allow the attacker to access the network or certain information.
Often, Red teaming does not include the topic of “physical access”. This is usually covered
by separate tests or large-scale red teaming exercises.
How much does Red Teaming cost?
Red teaming is a complex undertaking. The cost of a red teaming project depends on various factors, including the size and complexity of the target system(s), the number of attack vectors, the number of attack scenarios, the number of red team members involved, and the duration of the project. Typically, red teaming involves a variety of specialists, including people with experience in penetration testing, phishing, social engineering, exploit development, and so on. This fact alone usually makes red teaming significantly more expensive than “short” focused penetration tests. If physical attacks are added, the costs usually increase as well. In general, very short, very focused red teaming assignments tend to start in the low five-figure range. However, larger and longer engagements can quickly reach six figures.
DSecured primarily specializes in external attack scenarios. These assume that the attacker comes from “outside”. The focus is then on testing all externally accessible systems and services and monitoring them continuously, usually for at least 3 months. This is supplemented by social engineering and phishing as well as information found, for example, on the Darknet (see Darknet Intelligence), such as passwords obtained via InfoStealer. We try to achieve a specific goal, usually access to the internal system or access to confidential information.
Based on a classic, relatively simple engagement, as we most often see it, you should expect a budget of 30,000 euros for a period of 3 months. However, this number can vary greatly if, for example, pivoting is permitted within an internal network.
Activities
Aviation industry
As an external Red Team, we were allowed to attack one of the largest aviation companies.
Universities
At a British research institute we found external and internal threats.
Car manufacturers
We found dozens of security gaps for a German manufacturer.
IT companies
We were able to detect a large PII leak in a Brazilian company.
Insurance companies
We regularly assess the external IT security of potential policyholders.
Robotics
At regular intervals we carry out penetration tests against a well-known robotics application.
Railway companies
We were allowed to analyze the entire infrastructure of a foreign railway company.
SaaS providers
SaaS providers are classic customers - the complexity of these applications makes regular pen tests necessary.
Gaming
Gaming portals are also part of our customer portfolio.
Process of a red teaming exercise
Kickoff
In the first meeting we clarify the goals, the scope and the methodology. We define together how far we as contractors can go and what information we receive from the customer. We clarify which information is particularly important to the customer - usually these are the things that a potential attacker would also be interested in. An important topic here is often "phishing" - many customers don't want this to be tested - even though it is one of the most common methods of breaking into a company.
Execution
Depending on the requirements, we put together a compact team of experts who usually work on the project for 2-6 months. We carry out the tests and document our findings. We ensure that we achieve the goals while adhering to the methodology. If desired, the customer will be informed about the progress at regular intervals - this usually happens weekly or monthly.
Reporting
Depending on the agreement, there is a final report that explains which methods we used to be successful and what we were able to exfiltrate. In addition to the technical part, it also shows in which areas the company did a good job and was able to identify our activities early on.
Final meeting
The final meeting is usually the end of the project, where we present the report and discuss the results. We provide recommendations on how the company's security can be improved.
Red teaming also includes:
Services complementing red teaming
Continuous monitoring
Our eASM platform "Argos" is able to monitor your entire external infrastructure non-stop - so you and we can quickly identify potential problems. The platform looks for and reports anomalies to us.
Penetration testing
Penetration tests are used to search for security gaps in particularly important applications in a very focused manner.
Darknet Intelligence
Too often we take part in highly complex technical penetration tests that nevertheless do not prevent employee data for the portal being tested from being leaked on the Internet. As a customer you should know about it!
What clients say about us
„I've been really impressed with DSecured. The results they delivered exceeded our expectations. They found a wide range of IT problems and severe vulnerabilities and always communicated clearly. Working with them has been straightforward and reassuring.“
„The security of our customers’ data is our top priority. Thanks to DSecured, we were able to improve the resilience of our systems and realize how important the topic of "Shadow IT" is. The commitment of the team and their skills made the crucial difference for us.“
„DSecured was able to discover a surprising number of previously undetected security gaps in our infrastructure. The Argos platform as well as classic penetration tests were used for this. We really appreciated the honest advice on the subject of IT security and automation and would like to thank Mr. Strobel for this.“
„Mr. Strobel and his team regularly carry out penetration tests against our automation platform - and always find what they are looking for. The results are presented clearly and reproducibly. Communication has so far taken place via short channels, for example via Slack. We can definitely recommend DSecured.“