Red Teaming is a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.
Red Teams are usually external groups hired to make an impartial assessment of the network or system. Red teams challenge the current security policies. The customer sets the scope of the project to specify the area of information to be assessed.
The scope of the Red Teaming assessment can be very general or very specific when defining what the assessment will include or address. The scope of the project depends on time or cost of the assessment and/or on the objective of the assessment as defined by the customer.
Our testing activities related to a red teaming vulnerability assessment can consist of several types of attacks. Depending on your requirements, the following attack scenarios may be included during the vulnerability assessment:
- creating a phishing website and sending your personnel E-mail about registering their computer assets
- sending E-mail to your employees to reveal sensitive information
- contacting the helpdesk to reveal a password of a user account already known