How is Red teaming defined?
An exact definition of Red teaming is difficult to find as it is usually a combination of various tactics, techniques and procedures (TTP) of real cyber threats (APT). The easiest way to imagine a team of hackers is to try to break into a company from the outside. As a rule, they are not limited to a particular method, but can choose any path they deem appropriate (and which has been approved in advance by the customer).
Broadly speaking, the goal of an red team is to test a company's security by using the
methods of an real sophisticated attacker. In the best case scenario, the skills of the internal
blue team or,
if necessary, an external MDR provider are tested. In the best case scenario, this prevents the
activities of a red team.
Part of these activities is the enumeration of the victim's IT infrastructure, the general collection of information but also the search for and exploitation of security gaps. Phishing, social engineering or threat intelligence sources are also among the methods used by an external attacker. Small problems that usually don't have a big impact in isolation can combine to become a major problem and allow the attacker to access the network or certain information.
Often, Red teaming does not include the topic of “physical access”. This is usually covered by separate tests or large-scale red teaming exercises.
As an external Red Team, we were allowed to attack one of the largest aviation companies.
At a British research institute we found external and internal threats.
We found dozens of security gaps for a German manufacturer.
We were able to detect a large PII leak in a Brazilian company.
We regularly assess the external IT security of potential policyholders.
At regular intervals we carry out penetration tests against a well-known robotics application.
We were allowed to analyze the entire infrastructure of a foreign railway company.
SaaS providers are classic customers - the complexity of these applications makes regular pen tests necessary.
Gaming portals are also part of our customer portfolio.
Process of a red teaming exercise
In the first meeting we clarify the goals, the scope and the methodology. We define together how far we as contractors can go and what information we receive from the customer. We clarify which information is particularly important to the customer - usually these are the things that a potential attacker would also be interested in. An important topic here is often "phishing" - many customers don't want this to be tested - even though it is one of the most common methods of breaking into a company.
Depending on the requirements, we put together a compact team of experts who usually work on the project for 2-6 months. We carry out the tests and document our findings. We ensure that we achieve the goals while adhering to methodology. If desired, the customer will be informed about the progress at regular intervals - this usually happens weekly or monthly.
Depending on the agreement, there is a final report that explains which methods we used to be successful and what we were able to exfiltrate. In addition to the technical part, it also shows in which areas the company did a good job and was able to identify our activities early on.
The final meeting is usually the end of the project, where we present the report and discuss the results. We provide recommendations on how the company's security can be improved.
Our platform "Argos" is able to monitor your entire external infrastructure non-stop - so you and we can quickly identify potential problems. The platform looks for and reports anomalies to us.
Penetration tests are used to search for security gaps in particularly important applications in a very focused manner.
Too often we are part of highly complex technical penetration tests, but these do not prevent employee data from being leaked on the Internet for the portal being tested. As a customer you should know about it!
What clients say about us
„I've been really impressed with DSecured. The results they delivered exceeded our expectations. They found a wide range of IT problems and severe vulnerabilities and always communicated clearly. Working with them has been straightforward and reassuring.“
„The security of our customers’ data is our top priority. Thanks to DSecured, we were able to improve the resilience of our systems and realize how important the topic of "Shadow IT" is. The commitment of the team and their skills made the crucial difference for us.“
„DSecured was able to discover a surprising number of previously undetected security gaps in our infrastructure. The Argos platform as well as classic penetration tests were used for this. We really appreciated the honest advice on the subject of IT security and automation and would like to thank Mr. Strobel for this.“
„Mr. Strobel and his team regularly carry out penetration tests against our automation platform - and always find what they are looking for. The results are presented clearly and reproducibly. Communication has so far taken place via short channels, for example via Slack. We can definitely recommend DSecured.“