What is Advanced Adversary Simulation?

A Cyber Red Teaming (Advanced Adversary Simulation) engagement is the next step in a security program. It is a goal-based simulated attack that leverages any agreed-upon methods needed to achieve the defined goal over an extended period. During the Advanced Adversary Simulation, the team works as an attacker would, evading detection while pursuing the identified goal. A real adversary will take their time to exploit a target, and so will the Cyber Red Team. If the Cyber Red Team is detected or stopped, they will regroup and identify a new plan of action until they are successful or an agreed-upon end of engagement is reached.

After objectives are set, testers will deploy several "initial access activities" designed to gain a foothold in your network and establish persistent access. Using spear-phishing attacks, an MS Office document, or other code, testers deliver a malicious payload that provides access to the network. Then they wait, maintain persistence, and thoughtfully explore probable attack routes.

Because the testers have the luxury of time, they might choose to add physical tactics to the engagement. A successful USB drop might provide a route with more privileges. Depending on the objective, testers may overtly interact with staff to persuade them to give up credentials. Testers may also act covertly, attempting to blend in, gain access to certain restricted areas of the organization, and remain unnoticed. Testers might choose to visit an abandoned office and drop off a network plug-in. Overt and covert tactical approaches are easily intertwined to provide a more comprehensive evaluation. Testers closely monitor all attacks, and their ability to gain additional network access is carefully documented. Once the testers can escalate their presence and continue to move laterally around the network, they begin to exfiltrate data.

Some organizations that conduct Advanced Adversary Simulation engagements for the first time might invite their security teams to actively participate in the engagement. Testers will conduct attacks and work closely with teams to see if they could spot the attack and identify the defensive measures they executed. This type of engagement is called purple-teaming and offers the opportunity for hands-on training during real-world attack scenarios. Organizations immediately see deficiencies and understand where to assign resources to remediate critical issues quickly.

Other organizations choose to conduct an Advanced Adversary Simulation engagement after a purple team engagement, so their security teams have had the opportunity to remediate and update policies. During this Advanced Adversary Simulation engagement, the security team is not involved, and testers both verify that previous vulnerabilities have been remediated and identify and exploit new attack vectors.

Get a FREE security evaluation today and reduce your organization's security risk.
Schedule My Call

Get a Customized Proposal

Use our Scoping Questionnaire to provide us with the necessary information to put together a proposal for you. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For Penetration Testing.

If you have any questions, contact us at 612-234-7848 or schedule a meeting. We will follow up promptly once we receive your responses. We look forward to speaking with you soon.

Dedicated Client Portal

Interact in real-time with your RedTeam security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.

Certified Security Experts

Our trusted security professionals hold certifications from the leading industry organizations, including OSCP, CASS, CPT, CISSP and more.

Research-Focused Approach

We hold industry-leading certifications and dedicate part of every day to researching the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.