• The Red Team service is not “continuous vulnerability scanning”.
• Red Team service is not just a “physical attack”.
• The Red Team service is more than a pentest or penetration test. The purpose of Penetration Testing is generally to identify vulnerabilities in a very short time, try to exploit them and report them. But a real-world ransomware or APT attack goes far beyond that. All the steps, from infiltration to lateral operations, raising rights, and exploration, are carried out patiently.
  Against such attacks, the “resistance” of all components of the institution should be measured and tightened.
• The Red Team service already covers all of the elements in the institution’s specification such as Penetration Test, DDoS Service, Social Engineering Test.
• The purpose of the phishing attacks carried out in the Penetration Test is generally for educational and awareness purposes. As a result, a statistic emerges and is reported. In the red team, target-oriented attacks are prepared with the “Spear Phishing” method. Here, first the targets are profiled, a scenario specific to that person is prepared, methods are applied to prevent the sent e-mail from falling into the spam folder, and (harmless) malware is sent within the e-mail, targeting the victim to download and run them. Of course, this whole process is carried out step by step in a transparent way.
• Today, all institutions make large investments for their own security equipment and personnel. Everyone knows the importance of cyber security. The Red Team service actually starts at this point. What can a patient attacker do and how far can he go when all security devices and configurations are up? How many traces does it leave? What can it overcome? What is the resistance of the systems against them?
• Therefore, one of the main purposes of the Red Team service is to provide training and consultancy to the Blue Team. While operating each operation scenario, all findings are analyzed together with the Blue Team and necessary tightening is provided.

Please click for the Red Team Methodology.

All vulnerabilities and findings (with screenshots and solution suggestions) detected as a result of the tests carried out, together with the prevention, detection and intervention capabilities/controls of the institution for all these studies will be evaluated in terms of both their existence and effectiveness, and the results will be prepared and submitted by preparing an understandable Final Report.

The first package of our Red Team service will last 6 months. While the Red Team tests continue with the information obtained during this process, the creation of new scenarios in the lab environment (to be used in the following stages) will continue in the background.

During the first 6 months of service, it is estimated that the Black box phase will be 2 months, the gray/white box testing phase will be 1 month, and the operation of the red team scenario operations will be 3 months.

If deemed appropriate, the period will be updated for the next 6 months or years.

Please click for the Red Team Service Activity Calendar.

NOTE: The times specified in the calendar are given in the light of experience and may vary. In addition, the red team tests follow a cyclical course. Therefore, the phases may not follow each other and/or be executed in parallel.