Red Teaming


Multi-blended, adversarial-based attack simulation against people, software, hardware and facilities performed simultaneously


The objective of a red team test is to obtain a realistic picture of the risk and vulnerabilities affecting your Technology, People and Physical/Facilities.

  1. Technology — Networks, applications, routers, switches, appliances, etc.
  2. People — Staff, independent contractors, departments, business partners, etc.
  3. Physical — Offices, warehouses, substations, data centers, buildings, etc.

Red teaming is a multi-blended attack involving several facets of social engineering, physical penetration testing, application penetration testing and network penetration testing, simultaneously. It’s aimed at revealing real-world opportunities for malicious insiders or bad actors to be able to compromise all aspects of your organization in such a way that allows for unauthorized virtual and/or physical access to sensitive information leading up to data breaches and full system/network compromise.

This type of test is an attack simulation carried out by our highly trained security consultants in an effort to:

  • Identify physical, hardware, software and human vulnerabilities
  • Obtain a more realistic understanding of risk for your organization
  • Help address and fix all identified security weaknesses


Business Insider Rides Shotgun as RedTeam Security Hacks the Power Grid


Red team is in our name. Our consultants have experience virtually and physically infiltrating some of the most secure environments the same way bad guys would. They leverage this experience to zero in on critical issues and provide actionable remediation guidance.


  • Approach


    RedTeam Security’s web application penetration testing service utilizes a comprehensive, risk-based approach to manually identify critical application-centric vulnerabilities that exist on all in-scope applications.

    1. Information Gathering
    2. Threat Modeling
    3. Vulnerability Analysis
    4. Exploitation
    5. Post-Exploitation
    6. Reporting

    Using this industry-standard approach, RedTeam’s comprehensive method involves the OSSTMM and a proprietary approach developed through years of experience that includes, but is not limited to: Passive Reconnaissance, Open Source Intelligence (OSINT), Active Reconnaissance (drones, onsite covert observation), Vulnerability Identification, Exploitation, Post-Exploitation and more…


    In order to perform a comprehensive real-world assessment, RedTeam Security utilizes commercial tools, internally developed tools and the same tools that bad actors might use on each and every assessment. Once again, our intent is to assess systems by simulating a real-world attack and we leverage the many tools at our disposal to effectively carry out that task.


    We consider the reporting phase to mark the beginning of our relationship. RedTeam strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverable. We provide clients with an online remediation knowledge base, dedicated remediation staff and a ticketing system to close the ever-important gap in the remediation process following the reporting phase.

    We not only find vulnerabilities, we are here to fix them.

    Remediation & Re-testing

    Simply put, our objective is to help fix vulnerabilities, not just find them. As a result, remediation re-testing is always provided at no additional cost.

  • Methodology


    Each and every web application penetration test is conducted consistently using globally accepted and industry standard frameworks. In order to ensure a sound and comprehensive penetration test, RedTeam leverages industry standard frameworks as a foundation for carrying out penetration tests. At a minimum, the underlying framework is based on the NIST Special Publication 800 Series guidance and OSSTMM but goes beyond the initial framework itself.

    Passive Reconnaissance

    The first phase in a physical penetration test is focused on collecting as much information as possible about the target. Passive Reconnaissance, aka Information Gathering, is one of the most critical steps of a physical pen test. This is done through the use of public tools, such as Google Earth. As a result, it is usually possible to learn a great deal about the target’s surroundings and environment.

    Open Source Intelligence

    An important phase in a physical penetration test focuses on collecting information that is freely available. Open Source Intelligence Gathering can be quite telling about a target, its people and specifics about the environment. This is done through the use of a different set of public tools, such as social networks, job boards, etc. Through thorough analysis, it begins to paint a picture of the target and its primary operations.

    Active Reconnaissance

    Active Reconnaissance in a physical penetration test generally involves gathering information offline. This often includes telephoning, emailing or otherwise directly querying target staff or vendors of the target for material not available or impossible to obtain through online means. The information obtained will be used to build a better plan as the process progresses.

    Covert Observation

    Covert Observation is exactly what it sounds like. This often includes covert photography of the target up close in an effort to identify physical security controls and to monitor staff as they are coming and going.

    Attack Planning

    By this time, the information collected in the previous phases is beginning to coalesce. Vulnerabilities, exit points, entrance points, cameras, guards, fences, company technology, staff members and other relevant information are used to begin planning an attack.


    Planning and intelligence gathered by various means by now have morphed into a plan of attack including. Pretexting involves setting the plan into action and ensuring the team’s equipment, transportation and personnel are synchronized and ready to execute.

    Infiltration, Exploitation & Post-Exploitation

    During these phases, the team carries out the plan by exploiting vulnerabilities discovered using information and intelligence captured during the earlier phases of the assessment. Post-exploitation involves penetrating further into the environment and setting up to maintain a persistent backdoor.

  • Deliverable


    At RedTeam Security, we consider the Delivery / Reporting phase to be the most important and we take great care to ensure we’ve communicated the value of our service and findings thoroughly. The deliverable consists of an electronic report that includes several key components including, but not limited to: Executive Summary, Scope, Findings, Evidence, Tools and Methodology. In addition to the report, a raw file in comma-separated value (CSV) format is also provided in an effort to optimize the remediation and management of any identified findings.

    Findings are communicated in a stakeholder meeting and typically presented in-person or virtually via Webex — whichever medium is most conducive for communicating results effectively. During this time, RedTeam Security consultants will walk through the report, in detail, to ensure all findings and their corresponding description, risk rating, impact, likelihood, evidence and remediation steps are thoroughly understood. While this typically involves a single meeting, there is no limitation to that number. The key underlying message is that all information is clearly understood and that a roadmap toward remediation / mitigation is crystal clear.


    Some of the key components to our red teaming deliverable include, but are not limited to:

    * Scope
    * Control Framework (i.e., OWASP, PCI, PTES, OSSTMM)
    * Timeline
    * Executive Summary Narrative
    * Technical Summary Narrative
    * Report Summary Graphs
    * Summary of Findings
    * Findings (Description, Business Impact, Recommendation, Evidence, References, CVSS, Risk Rating Calculation)
    * Methodology and Approach
    * Risk Rating Factors
    * Tools

  • FAQ

    Frequently Asked Questions

    Why should I conduct a red team test?

    A red team test is a multi-blended simulated attack from the perspective of a bad guy or group of bad guys. The objective is to realistically simulate a virtual and physical security attack and attempt to uncover security vulnerabilities that might otherwise be discovered by bad actors. In doing so, you would gain valuable insight into the security posture of the assets and be able to fix them before hackers are able to cause serious damage by exploiting them.

    How long does it take to conduct a red team engagement?

    The overall time depends on the size and complexity of the assets. This includes physical locations, staff, infrastructure, etc. That said, most tests take anywhere from two weeks to six weeks, start to finish.

    How much does a red team engagement cost?

    We get this question a lot and it’s not easy to answer until some level of scoping has been performed. Our scoping process is quick, online and painless. But overall, the number of locations and the objective will ultimately determine its cost. For example, when determining the work effort, we take the following into account: applications, networks, number of staff, number of target locations, goals, travel from locations, timeframe, etc.
