Red Teaming

Secure Your Organization Today

Get Started

Full Force Red Team™

Multi-blended, adversarial-based attack simulation against people, software, hardware and facilities performed simultaneously for the conservation of the target’s data security


The objective of a red team test is to obtain a realistic level of risk  and vulnerabilities against your Technology, People and Physical/Facilities.

  1. Technology — Networks, applications, routers, switches, appliances, etc.
  2. People — Staff, independent contractors, departments, business partners, etc.
  3. Physical — Offices, warehouses, substations, data centers, buildings, etc.

Our Full Force Red Team™ (red teaming) launches a multi-blended attack involving several facets of social engineering, physical penetration testing, application penetration testing and network penetration testing, simultaneously. It’s aimed at revealing real-world opportunities for malicious insiders or bad actors to be able to compromise all aspects of your organization in such a way that allows for unauthorized virtual and/or physical access to sensitive information leading up to data breaches and full system/network compromise.

This type of test is an attack simulation carried out by our highly trained security consultants in an effort to:

  • Identify physical, hardware, software and human vulnerabilities
  • Obtain a more realistic understanding of risk for your organization
  • Help address and fix all identified security weaknesses


Business Insider Rides Shotgun as RedTeam Security Hacks the Power Grid

Business Insider Rides Shotgun as RedTeam Security Hacks the Power Grid


Red team is in our name. Our consultants have experience virtually and physically infiltrating some of the most secure environments the same way bad guys would. They leverage this experience to zero in on critical issues and provide actionable remediation guidance.


  • Methodology
    Red Team Methodology

    Red Team Methodology – Click to Zoom


    Each and every Red Team Operation is conducted consistently using globally accepted and industry standard frameworks. In order to ensure a sound operation, RedTeam leverages industry standard frameworks as a foundation for carrying out Red Team Operations. At a minimum, the underlying framework is based on the NATO CCDCOE, OWASP, PTES, US Army Red Teaming Handbook v7, but goes beyond the initial frameworks themselves.


    The first phase in a red team operation is focused on collecting as much information as possible about the target. Reconnaissance, aka Information Gathering, is one of the most critical steps. This is done through the use of public tools, such as Maltego, LinkedIn, Google, Twitter, Facebook, Google Earth, etc. As a result, it is usually possible to learn a great deal about the target’s people, technology, surroundings and environment. This step also involves building or acquiring specific tools for the engagement.


    An important phase in a red team operation focuses on collecting information about infrastructure, facilities and employees. Open Source Intelligence Gathering can be quite telling about a target, its people, its facilities and its technical makeup, such as: physical/logical security controls, foot traffic, terrain, infil/exfil points, etc. Through thorough analysis, it begins to paint a picture of the target and its primary operations.

    Effective weaponization involves preparation of the operation specific to the target taking into full account intel gathered from the reconnaissance stage. This commonly includes: crafting custom malicious file payloads, prepping RFID cloners, configuring hardware trojans, acquiring social engineering costumes, creating falsified personas/companies and much more.


    The Delivery stage is a critical stage of the execution phase. This marks the active launch of the operation in totality. Here, RedTeam consultants carry out the actions on the target(s) intended to reach the Red Team Operation’s goals. Things like physically cloning badges, social engineering face-to-face targets, analyzing cyber vulnerabilities, planting hardware trojans for remote network persistence, etc. Among one of the most important objectives is to note the best opportunities for exploitation.


    Exploitation is exactly what it sounds like. At this point, the goal is to “break in” or compromise servers/apps/networks, bypass physical controls (ie: gates, fences, locks, radar, motion detection, cameras) and exploit target staff through social engineering by face-to-face, email, phone, fax or sms. The exploitation stage enables the preparation for the escalation and installation phase.


    The installation stage’s primary goal is to prepare for persistence. This could amount to cyber persistence or physical persistence, although cyber persistence is generally slightly more common. During this stage, RedTeam establishes a beachhead by taking advantage steps taken in the exploitation step. Things like privilege escalation on compromised servers, shells, malicious file payload installation, usage of physical key impressions and lock picked doors happen here.

    Command & Control

    Maintaining persistence is the goal for Command & Control. Also generally cyber-focused, RedTeam takes steps to ensure remote access to exploited systems are stable and reliable setting the stage for data exfiltration and other post-exploitation tasks/goals. On the physical and social side, manipulating people into enabling circumvention of physical barriers in order to create backdoors into facilities are key.

    Actions on Objective

    During this phase of a Red Team Operation, the team aims to complete the mission and realize the agreed-upon objectives set by the client and RedTeam Security. Actions on objective happens through lateral movement throughout the cyber environment as well as the physical facilities. Pivoting from compromised systems and from breached physical security controls all along capturing video, audio and photographic evidence supporting each finding discovered.

    Ultimately, the team aims to exfiltrate data, information or physical assets the target deems critically sensitive.

  • Approach


    RedTeam Security’s web application penetration testing service utilizes a comprehensive, risk-based approach to manually identify critical application-centric vulnerabilities that exist on all in-scope applications.

    1. Information Gathering
    2. Threat Modeling
    3. Vulnerability Analysis
    4. Exploitation
    5. Post-Exploitation
    6. Reporting

    Using this industry-standard approach, RedTeam’s comprehensive method involves the OSSTMM and a proprietary approach developed through the years of experience that includes, but not limited to: Passive Reconnaissance, Open Source Intelligence (OSINT), Active Reconnaissance (drones, onsite covert observation), Vulnerability Identification, Exploitation, Post-Exploitation and more…


    In order to perform a comprehensive real-world assessment, RedTeam Security utilizes commercial tools, internally developed tools and the same tools that bad actors might use on each and every assessment. Once again, our intent is to assess systems by simulating a real-world attack and we leverage the many tools at our disposal to effectively carry out that task.


    We consider the reporting phase to mark the beginning of our relationship. RedTeam strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverable. We provide clients with an online remediation knowledge base, dedicated remediation staff and ticketing system to close the ever important gap in the remediation process following the reporting phase.

    We not only find vulnerabilities, we are here to fix them.

    Remediation & Re-testing

    Simply put, our objective is to help fix vulnerabilities, not just find them. As a result, remediation re-testing is always provided at no additional cost.

  • Deliverable


    At RedTeam Security, we consider the Delivery / Reporting phase to be the most important and we take great care to ensure we’ve communicated the value of our service and findings thoroughly. The deliverable consists of an electronic report that includes several key components including, but not limited to: Executive Summary, Scope, Findings, Evidence, Tools and Methodology. In addition to the report, a raw file in comma-separated value (CSV) format is also provided in an effort to optimize the remediation and management of any identified findings.

    Findings are communicated in a stakeholder meeting and typically presented in-person or virtually via Webex — whichever medium is most conducive for communicating results effectively. During this time, RedTeam Security consultants will walk through the report, in detail, to ensure all findings and their corresponding description, risk rating, impact, likelihood, evidence and remediation steps are thoroughly understood. While this typically involves a single meeting, there is no limitation to that number. The key underlying message is that all information is clearly understood and that a roadmap toward remediation / mitigation is crystal clear.


    Some of the key components to our red teaming deliverable include, but are not limited to:

    * Scope
    * Control Framework  (ie: OWASP, PCI, PTES, OSSTMM)
    * Timeline
    * Executive Summary Narrative
    * Technical Summary Narrative
    * Report Summary Graphs
    * Summary of Findings
    * Findings (Description, Business Impact, Recommendation, Evidence, References, CVSS, Risk Rating Calculation)
    * Methodology and Approach
    * Risk Rating Factors
    * Tools

  • FAQ

    Frequently Asked Questions

    Why should should I conduct a red team test?

    A red team test is a multi-blended simulated attack from the perspective of bad guy or group of bad guys. The objective is to realistically simulate a virtual and physical security attack and attempt to uncover security vulnerabilities that might otherwise be discovered by bad actors. In doing so, you would gain valuable insight into the security posture of the assets and be able to fix them before hackers are able cause serious damage by exploiting them.

    How long does it take to conduct a red team engagement?

    The overall time depends on the size and complexity of the assets. This includes physical locations, staff, infrastructure, etc.. That said, most tests take anywhere from two weeks to six weeks, start to finish.

    How much does an red team engagement cost?

    We get this question a lot and it’s not easy to answer until some level of scoping has been performed. Our scoping process is quick, online and painless. But overall, the number of locations and the objective will ultimately determine its cost. For example, when determining the work effort, we take the following into account: applications, networks, number of staff, number of target locations, goals, travel from locations, timeframe, etc.

Services Datasheet

Learn more about RedTeam Security's advanced Application, Network and Physical Penetration Testing, Social Engineering and Red Teaming services.



Our Penetration Testing, Social Engineering and Red Teaming services go beyond the checkbox to help prevent data breaches

Secure Your Organization Today

Talk To An Expert