Red Team

We use a robust methodology specifically developed for Red Team and CREST STAR assessments, which draws on common industry cyber kill chains.

The attack steps are intended to effectively mimic those of an advanced threat actor. Risk management is a key focus throughout the Red Team engagement and enables the simulation to be realistic, whilst minimizing risks to system availability and performance.

• Reconnaissance

Background information is gathered on and from the target organization. Examples include obtaining public information from the internet about the target organization, establishing potential attack surface of the target or identifying possible victims or target user information.

• Staging

Based on the information gathered from reconnaissance activities, staging platforms will be implemented to emulate that of the agreed threat actors. This platform will be used as a base which further simulated attacks against the target organization will be launched.

• Exploitation

Using tactics, techniques and procedures similar to those of the established threat actors, identified vulnerabilities will be exploited to gain unauthorized access to the target. This will be performed to the level agreed in the scoping study and in-line with the risk assessment.

• Control and movement

Once a successful compromise has been achieved, attempts will be made to move from initially compromised systems to further vulnerable or high value systems. For example this may consist of “pivoting” between internal systems of interest and reusing any escalated access obtained in order to eventually compromise agreed target systems.

• Actions on target

Gaining further access on compromised systems and acquiring access to previously agreed target information and data. Again this phase will be performed based on the agreed scope and risk assessment and approved by the target organization.

• Persistence and egress

Mimicking the activities of an advanced attacker, persistent access to the network will be secured and simulated exfiltration of staged data will be performed. Staged data will be created in line with the risk assessment and approved by target organization before any action is taken.

CREST Simulated Targeted Attack and Response (STAR) is a framework that delivers controlled, bespoke, intelligence-led targeted cyber-attack assessments which replicate the behaviours of identified threat actors. Our CREST accredited STAR testing ensures that attack groups which pose a genuine threat to your organization’s critical assets are identified and realistically simulated. Threat intelligence ensures that credible threats to an organization are not only identified, but that their modus operandi are effectively simulated during the engagement.

We are able to tailor Red Team engagements to meet your requirements and budgets by selecting only relevant areas of the methodology. This allows you to focus on what is appropriate for your business and still get assurance of your organization’s resilience to attack.

Examples of bespoke Red Team:

• Open source intelligence gathering
• Spear phishing simulation
• Malware delivery / foothold establishment
• Endpoint and server persistence
• Data exfiltration simulation

In each of the above cases, the testing can be performed on a zero or partial knowledge basis.

• We are certified to perform Red Team engagements using the CREST STAR framework
• Our experienced team have provided bespoke Red Team engagements to organizations across a range of sectors
• Our experienced teams are accredited to the following standards:
  • CREST Certified Attack Specialist (CCSAS)
  • CREST Certified Attack Manager (CCSAM)