Red teaming

We put together a small team of ethical hackers and continuously try to break into your company over a defined period of time - just like real attackers would. Your advantage: you can see where the problem areas are.

Red teaming is a good way to paint a realistic picture of your company's security. We act just like real attackers would. Traditional penetration testing, but also phishing, social engineering and other methods can be used.

How is Red teaming defined?

An exact definition of Red teaming is difficult to find as it is usually a combination of various tactics, techniques and procedures (TTP) of real cyber threats (APT). The easiest way to imagine a team of hackers is to try to break into a company from the outside. As a rule, they are not limited to a particular method, but can choose any path they deem appropriate (and which has been approved in advance by the customer).

Broadly speaking, the goal of an red team is to test a company's security by using the methods of an real sophisticated attacker. In the best case scenario, the skills of the internal blue team or, if necessary, an external MDR provider are tested. In the best case scenario, this prevents the activities of a red team.
Part of these activities is the enumeration of the victim's IT infrastructure, the general collection of information but also the search for and exploitation of security gaps. Phishing, social engineering or threat intelligence sources are also among the methods used by an external attacker. Small problems that usually don't have a big impact in isolation can combine to become a major problem and allow the attacker to access the network or certain information.
Often, Red teaming does not include the topic of “physical access”. This is usually covered by separate tests or large-scale red teaming exercises.

How much does Red Teaming cost?

Red teaming is a complex undertaking. The cost of a red teaming project depends on various factors, including the size and complexity of the target system(s), the number of attack vectors, the number of attack scenarios, the number of red team members involved, and the duration of the project. Typically, red teaming involves a variety of specialists, including people with experience in penetration testing, phishing, social engineering, exploit development, and so on. This fact alone usually makes red teaming significantly more expensive than “short” focused penetration tests. If physical attacks are added, the costs usually also increase. In general, you can say that very short, very focused red teaming assignments tend to start in the low five-figure range. However, larger and longer bets can quickly reach six figures.

DSecured primarily specializes in external attack scenarios. These assume that the attacker comes from “outside”. The focus is then on testing all externally accessible systems and services and their continuous monitoring - usually for at least 3 months. This is supplemented by social engineering and phishing as well as information that is found, for example, on the Darknet (see Darknet Intelligence) (passwords via InfoStealer, for example). We try to achieve a specific goal - usually, for example, access to the internal system or access to confidential information.

Based on a classic, relatively simple deployment, as we most often see it, you should expect a budget of 30,000 euros for a period of 3 months. However, this number can vary greatly if, for example, pivoting is permitted within an internal network.


Aviation industry

As an external Red Team, we were allowed to attack one of the largest aviation companies.


At a British research institute we found external and internal threats.

Car manufacturers

We found dozens of security gaps for a German manufacturer.

IT companies

We were able to detect a large PII leak in a Brazilian company.

Insurance companies

We regularly assess the external IT security of potential policyholders.


At regular intervals we carry out penetration tests against a well-known robotics application.

Railway companies

We were allowed to analyze the entire infrastructure of a foreign railway company.

SaaS providers

SaaS providers are classic customers - the complexity of these applications makes regular pen tests necessary.


Gaming portals are also part of our customer portfolio.

Process of a red teaming exercise


In the first meeting we clarify the goals, the scope and the methodology. We define together how far we as contractors can go and what information we receive from the customer. We clarify which information is particularly important to the customer - usually these are the things that a potential attacker would also be interested in. An important topic here is often "phishing" - many customers don't want this to be tested - even though it is one of the most common methods of breaking into a company.


Depending on the requirements, we put together a compact team of experts who usually work on the project for 2-6 months. We carry out the tests and document our findings. We ensure that we achieve the goals while adhering to methodology. If desired, the customer will be informed about the progress at regular intervals - this usually happens weekly or monthly.


Depending on the agreement, there is a final report that explains which methods we used to be successful and what we were able to exfiltrate. In addition to the technical part, it also shows in which areas the company did a good job and was able to identify our activities early on.

Final meeting

The final meeting is usually the end of the project, where we present the report and discuss the results. We provide recommendations on how the company's security can be improved.

Contact DSecured

Request red teaming

Services complementing red teaming

Continuous monitoring

Our eASM platform "Argos" is able to monitor your entire external infrastructure non-stop - so you and we can quickly identify potential problems. The platform looks for and reports anomalies to us.

Penetration testing

Penetration tests are used to search for security gaps in particularly important applications in a very focused manner.

Darknet Intelligence

Too often we are part of highly complex technical penetration tests, but these do not prevent employee data from being leaked on the Internet for the portal being tested. As a customer you should know about it!

What clients say about us