Red Team

Red Team and CREST Simulated Target Attack and Response (STAR) testing

A Red Team provides penetration testing and attack simulation using the Techniques, Tactics and Procedures (TTPs) of advanced and sophisticated attackers. It is also known as simulated targeted attacks or advanced threat simulation.

Why engage Red Team services?

The objectives of Red Team engagements focus on identifying threats to the critical data from your wider business rather than being confined to a specific subset of systems. We tailor interactions to your organization and the specific threats faced within your sector. 

Unlike standard penetration testing, a Red Team also allows internal incident response teams to assess their capabilities and processes in a controlled and managed way.

Depending on the scenarios and threat actors being simulated, Red Team testing can include a variety of attack methods such as spear phishing, insider threats, watering hole, media dead drops, physical, and telephone social engineering.


Our Red Team methodology

We use a robust methodology specifically developed for Red Team and CREST STAR assessments, which draws on common industry cyber kill chains.

The attack steps are intended to effectively mimic those of an advanced threat actor. Risk management is a key focus throughout the Red Team engagement and enables the simulation to be realistic, whilst minimizing risks to system availability and performance.

Simulated attack steps

  • Reconnaissance

Background information is gathered on and from the target organization. Examples include obtaining public information from the internet about the target organization, establishing potential attack surface of the target or identifying possible victims or target user information.

  • Staging

Based on the information gathered from reconnaissance activities, staging platforms will be implemented to emulate that of the agreed threat actors. This platform will be used as a base which further simulated attacks against the target organization will be launched.

  • Exploitation

Using tactics, techniques and procedures similar to those of the established threat actors, identified vulnerabilities will be exploited to gain unauthorized access to the target. This will be performed to the level agreed in the scoping study and in-line with the risk assessment.

  • Control and movement

Once a successful compromise has been achieved, attempts will be made to move from initially compromised systems to further vulnerable or high value systems. For example this may consist of “pivoting” between internal systems of interest and reusing any escalated access obtained in order to eventually compromise agreed target systems.

  • Actions on target

Gaining further access on compromised systems and acquiring access to previously agreed target information and data. Again this phase will be performed based on the agreed scope and risk assessment and approved by the target organization.

  • Persistence and egress

Mimicking the activities of an advanced attacker, persistent access to the network will be secured and simulated exfiltration of staged data will be performed. Staged data will be created in line with the risk assessment and approved by target organization before any action is taken.


CREST STAR framework

CREST Simulated Targeted Attack and Response (STAR) is a framework that delivers controlled, bespoke, intelligence-led targeted cyber-attack assessments which replicate the behaviours of identified threat actors. Our CREST accredited STAR testing ensures that attack groups which pose a genuine threat to your organization’s critical assets are identified and realistically simulated. Threat intelligence ensures that credible threats to an organization are not only identified, but that their modus operandi are effectively simulated during the engagement.

Bespoke Red Team assessments

We are able to tailor Red Team engagements to meet your requirements and budgets by selecting only relevant areas of the methodology. This allows you to focus on what is appropriate for your business and still get assurance of your organization’s resilience to attack.

Examples of bespoke Red Team:

  • Open source intelligence gathering
  • Spear phishing simulation
  • Malware delivery / foothold establishment
  • Endpoint and server persistence
  • Data exfiltration simulation

In each of the above cases, the testing can be performed on a zero or partial knowledge basis.


Why BSI for Red Team?

  • We are certified to perform Red Team engagements using the CREST STAR framework
  • Our experienced team have provided bespoke Red Team engagements to organizations across a range of sectors
  • Our experienced teams are accredited to the following standards:
    • CREST Certified Attack Specialist (CCSAS)
    • CREST Certified Attack Manager (CCSAM)