Red Team Operations

share close


The Red Team Operations service is designed to simulate the actions of real cyber attackers who might target your organisation. Red Team Operations uses all types of penetration testing methodology and is modelled around the MITRE ATT&CK for Enterprise framework:

Skills and Experience

Our Red Team use all the skills from their penetration testing experience and have undergone extensive industry-recognised training to ensure the Tactics, Techniques and Procedures (TTPs) simulate a real-life attack against your organisation.

The members of the red team are chosen carefully, ensuring that they have skills in the each of these disciplines:

  • Reconnaissance using open-source intelligence gathering techniques (OSINT) and threat intelligence
  • Weaponisation using the current techniques and tactics
  • Delivery of payloads using the stealthiest techniques
  • Exploitation of both publicly known security vulnerabilities and configuration weaknesses
  • C2 using the latest techniques of threat actors including redirection and fronting of C2 traffic
  • Execution of code on target systems using ingenious bypasses of Endpoint Detection and Response (EDR) products
  • Real world communication smuggling replicating the techniques used by the most skilled threat actors

Safety and Risk Management

The attack infrastructure used by our Red Team is heavily fortified to ensure any access into your organisation is protected. As defined by the Practice Director, the actions used by the Red Team are non-destructive and the team’s methodology minimises the risk of introducing real-world threats into your organisation. This is achieved by the following:

  • C2 traffic is encrypted twice in transit. The data is encrypted with symmetric key encryption and transmitted through a secure channel, such as HTTPS
  • Access to C2 server(s) is secured with two factor authentication (2FA), to ensurethat only authorised members of the Red Team can access attack infrastructure
  • Attack infrastructure employs access control lists using firewalls at each hop to ensure that only intended infrastructure can communicate with the Red Team’s C2 infrastructure

Reporting and Debrief

The Red Team Operations methodology ensures that any action undertaken by the Red Team is logged in a timeline of events allowing Incident Responders, Blue Teams or Security Operations teams to correlate actions against event logs. All TTPs used by the Red Team are directly mapped to Mitre’s ATT&CK Matrix, a centralised and industry-recognised list of techniques used by real[1]world threat actors. Trustmarque’s Red Team will happily host debriefing sessions with your organisation’s executives and defenders, so that any actions executed during the engagement window can be fully explained.

Open chat
Can we help you?