Red Teaming is designed to exceed the remit of a traditional penetration test. By pushing your virtual and physical defences to the limit, a simulated cyber-attack provides an extensive security assessment that identifies and safely exploits vulnerabilities in technology, processes and human behaviour.
While a penetration test concludes when a specific target has been compromised, a cyber-attack simulation will attempt to traverse the exposed network further in an attempt to mirror the tactics, techniques and procedures of a genuine adversary. Working within pre-defined rules of engagement, red teaming relies on a methodical and patient approach to attack, including an extensive reconnaissance phase and varied hacking methods including social engineering, custom malware deployment and physical intrusion.
A key objective of red teaming is to evade detection for the length of an engagement. While a penetration test is conducted on scoped assets, red teaming uses multiple command and control channels to escalate privileges and aid lateral movement. This creates multiple channels of attack that enables ethical hackers to maintain their presence on target networks and systematically identify valuable data that could be otherwise exfiltrated.