Red Team Operations

Background

Overview

The Red Team Operations service is designed to simulate the actions of real cyber attackers who might target your organization. Red Team Operations uses all types of penetration testing methodology and is modelled around the MITRE ATT&CK for Enterprise framework.

Skills and Experience

Our Red Team uses all the skills from its penetration testing experience and has undergone extensive industry-recognized training to ensure that the Tactics, Techniques and Procedures (TTPs) simulate a real-life attack against your organization.

The members of the red team are chosen carefully, ensuring that they have skills in each of these disciplines:

  • Reconnaissance using open-source intelligence gathering techniques (OSINT) and threat intelligence
  • Weaponisation using the current techniques and tactics
  • Delivery of payloads using the stealthiest techniques
  • Exploitation of both publicly known security vulnerabilities and configuration weaknesses
  • C2 using the latest techniques of threat actors including redirection and fronting of C2 traffic
  • Execution of code on target systems using ingenious bypasses of Endpoint Detection and Response (EDR) products
  • Real-world communication smuggling replicating the techniques used by the most skilled threat actors

Safety and Risk Management

The attack infrastructure used by our Red Team is heavily fortified, protecting any access gained to your organization. As defined by the Practice Director, the actions used by the Red Team are non-destructive and the team’s methodology minimizes the risk of introducing real-world threats into your organization. This is achieved by the following:

  • C2 traffic is encrypted twice in transit. The data is encrypted with symmetric key encryption and transmitted through a secure channel, such as HTTPS
  • Access to C2 server(s) is secured with two-factor authentication (2FA), to ensure that only authorized members of the Red Team can access attack infrastructure
  • Attack infrastructure employs access control lists using firewalls at each hop to ensure that only intended infrastructure can communicate with the Red Team’s C2 infrastructure

Reporting and Debrief

The Red Team Operations methodology ensures that any action undertaken by the Red Team is logged in a timeline of events, allowing Incident Responders, Blue Teams or Security Operations teams to correlate actions against event logs. All TTPs the Red Team uses are directly mapped to MITRE’s ATT&CK Matrix, a centralized and industry-recognized list of techniques used by real-world threat actors. Trustmarque’s Red Team will happily host debriefing sessions with your organization’s executives and defenders so that any actions executed during the engagement window can be fully explained.
