The scope of the Red Teaming assessment can be very general or very specific when defining what the assessment will include or address. The scope of the project depends on time or cost of the assessment and/or on the objective of the assessment as defined by the customer.
Differences between Red Teaming and Penetration Testing
- Penetration testing focuses on identifying as many technical vulnerabilities as possible in a pre-defined IT system that could leave your organisation open to an attack. While the aim of Red Teaming is not to find as many security vulnerabilities as possible. The goal here is either to find the most effective way to hack into a company or to achieve a specific goal (e.g. to be domain admin or to steal sensitive data),
- Red Teaming aims to demonstrate how security controls and the internal security team can be bypassed.