Red Team Service and Consultancy Package
Unfortunately, the “Red Team” service is not well understood in the sector and is often defined incorrectly. This leads to an incomplete understanding of the scope and value of the Red Team service.
- The Red Team service is not “continuous vulnerability scanning”.
- Red Team service is not just a “physical attack”.
- The Red Team service is more than a pentest or penetration test. The purpose of penetration testing is generally to identify vulnerabilities in a very short time, try to exploit them and report them. But a real-world ransomware or APT attack goes far beyond that. All the steps, from infiltration to lateral movement, privilege escalation and discovery, are carried out patiently.
Against such attacks, the “resistance” of all components of the institution should be measured and hardened.
- The Red Team service already covers all of the elements in the institution’s specification such as Penetration Test, DDoS Service, Social Engineering Test.
- The phishing attacks carried out in a penetration test are generally for education and awareness purposes. The outcome is a statistic, which is reported. In the red team, targeted attacks are prepared with the “Spear Phishing” method. Here, first the targets are profiled, a scenario specific to that person is prepared, methods are applied to prevent the sent e-mail from falling into the spam folder, and (harmless) malware is sent within the e-mail, with the aim of getting the target to download and run it. Of course, this whole process is carried out step by step in a transparent way.
- Today, all institutions make large investments in their own security equipment and personnel. Everyone knows the importance of cyber security. The Red Team service actually starts at this point. What can a patient attacker do, and how far can they go, when all security devices and configurations are in place? How many traces do they leave? What can they overcome? How resistant are the systems to them?
- Therefore, one of the main purposes of the Red Team service is to provide training and consultancy to the Blue Team. As each operation scenario is run, all findings are analyzed together with the Blue Team and the necessary hardening is applied.
- The Red Team Test is basically a special testing process that requires advanced engineering and includes scanning, analyzing, infiltrating and hardening all the building blocks of an information system against possible cyber attacks.
- The scenarios prepared within the scope of the Red Team Test simulate real-world attacks. At this point, after a certain stage, the use of weaponized methods and files within the scope of the scenarios is one of the main goals.
- In the Red Team scenarios, all surfaces of the MITRE ATT&CK Matrix and all of the Lockheed Martin Cyber Kill Chain steps are addressed whenever possible. Thus, the effect of any attack scenario at any stage, and the traces it leaves behind, are revealed.
- Naturally, one of the biggest benefits of Red Team testing is providing feedback to the Blue Team.
- Our Red Team service will consist of two phases, Black/Grey/White Box and Red Box.
All vulnerabilities and findings detected as a result of the tests (with screenshots and solution suggestions) will be evaluated together with the institution's prevention, detection and intervention capabilities/controls, in terms of both their existence and their effectiveness, and the results will be submitted in an understandable Final Report.
The first package of our Red Team service will last 6 months. While the Red Team tests continue with the information obtained during this process, the creation of new scenarios in the lab environment (to be used in the following stages) will continue in the background.
During the first 6 months of service, it is estimated that the black box phase will take 2 months, the gray/white box testing phase 1 month, and the red team scenario operations 3 months.
If deemed appropriate, the period will be updated for the next 6 months or years.
NOTE: The times specified in the calendar are based on experience and may vary. In addition, the red team tests follow a cyclical course. Therefore, the phases may not follow each other in strict sequence and/or may be executed in parallel.