Red Teaming is custom-tailored attacks targeting your company’s crown jewels using any adversarial means available.
Advanced Persistent Threat as a Service
Red Teaming is adversarial simulation where stealth and evasiveness are employed to challenge all defenses, monitoring, and response capabilities. It is the ultimate QA of your entire security programme, including SOC/MSSP, email gateway security, endpoint detection and response, and incident readiness. CipherTechs studies APT reports to recreate and customize a range of advanced real-world tactics, techniques, and procedures (TTPs).
CipherTechs Red Teaming
CipherTechs Red Team consists of seasoned cyber security veterans with years of experience compromising enterprise environments. During the comprehensive scoping phase, crown jewels are defined and rules of engagement are established. Typically, Red Team customers keep the test secret, wanting to test defenses without prior warning. CipherTechs develops a test plan and schedules phases including open source intelligence (OSINT) and recon, and prepares multiple attack paths depending on what’s learned during discovery. Decoys and false flags are employed to deter monitoring and response. Upon completion of the “door busting” phase, time is allocated for the “Assumed Breach” phase, where CipherTechs is positioned on an internal resource and attempts lateral movement and internal penetration.
Not all Red Teams are created equal. In addition to CipherTechs’ team experience, another unique feature is that a Purple Team phase is built into every project plan. No one benefits from a “gotcha” report unless detailed analysis is provided documenting what took place and why any attack steps were successful. The Purple Team phase is collaborative: individual attack unit tests are reproduced alongside the client’s SOC to improve visibility and detection rules mapped to MITRE ATT&CK. The measurable outcome of a CipherTechs Red Team engagement is improved defenses and detection.
Practical & Strategic Benefits
- Measure your security controls against a full-force attack
- Gain experience and insight on real-world attacks
- Increase your organization’s ability to identify and respond to incidents
- Identify and fix vulnerabilities before an attacker exploits them
- Real-world SIEM log source gap analysis
Red Team Testing vs. Penetration Testing
Red Teaming
- Red Teaming tests all defense and response mechanisms using any adversarial means necessary
- Engagements are typically 3-8 weeks long
- Focused on moving deeper/laterally to obtain “crown jewels” or high-value targets
- Covert attack methods to masquerade/hide malicious activity from defensive controls
- Knowledge of red team activities is generally restricted to higher management to properly assess an organization’s response and awareness
- Effort to evade detection and attribution: multiple proxies and domains with high reputation are used to fly under the radar, and a full dry rehearsal is performed in a lab environment with a security stack comparable to the target’s
Penetration Testing
- Pentesting is a point-in-time review and exploitation of vulnerabilities within well-defined guidelines
- Pentesting engagements typically last 1-2 weeks
- Focused on breadth
- Typically no attempt to hide or mask attack activity