Red Team Assessment Services

Test Your Organization’s Detection and Response Capabilities

Would you like to concentrate on your company’s defense, detection, and response capabilities? Artifice Security engages with your team to create a customized attack execution model that accurately simulates the risks your company experiences. Real-world adversarial behaviors and tactics, techniques, and procedures (TTP) are included in the simulation, allowing you to assess your security program’s true efficacy when confronted with persistent and determined attackers.


What is the Difference Between a Penetration Test and Red Team Assessment?

A penetration test aims to find as many vulnerabilities as possible within a set period. During this assessment, consultants exploit flaws to show risk for individual vulnerabilities and overall risk to the organization. A penetration test may only view one segment of your organization, such as a network penetration test or a web application penetration test. During the penetration test, the security staff is usually aware of the assessment, and the consultant performing the penetration test is not trying to be stealthy. They are “knocking on every door” to see which one opens, and much of the time, they are knocking loudly.

A red team assessment is quite different: it measures your incident detection and response capabilities while the red team members remain stealthy during the entire engagement. For this assessment, the consultants observe all areas of your organization by looking at your physical security controls, web applications, external network, wireless, and internal network. While investigating each area, the consultants aren’t trying to find every vulnerability, as they would on a regular penetration test, but to find the path of least resistance to gain access to your critical assets. While penetration testing is a crucial part of every organization’s security controls, a red team assessment accurately gauges how your security controls and detection capabilities are working against a real-life adversary.


Custom Tailored to Fit Your Organization

Artifice Security collaborates with you to customize the service to reflect the dangers your company confronts. Our Red Team members simulate real-world hostile behavior and widely used tactics, techniques, and procedures (TTP), which allows you to measure the success of your program and the reaction of your team in the event of a breach. The red team assessment shows you how to identify possible threats in your defenses, such as technological and organizational vulnerabilities, while identifying weaknesses in your security monitoring, detection, and response. To accomplish this, Artifice Security utilizes proprietary tools, malware, and cutting-edge tactics, preparing you against real-world security threats.


Red Team Methodology

After years of performing red team assessments, Artifice Security has created a proven, repeatable methodology that will meet your organizational needs. The report will outline each vulnerability and concentrate on storyboards showing attack chains and gaps in your incident detection and response capabilities.

To achieve this success, we organize ourselves using the following steps:


Define the Scope

Penetration tests are generally concerned with which assets are in scope, while red team assessment scopes are concerned with which assets are out of scope.
  • Define which assets such as IP addresses, web applications, personnel, or facilities are out of scope
  • Provide a list of red team “flags” to capture during the assessment
  • Confirm the dates and times for testing or ranges of dates for testing
  • Collaborate with your team on activities that are allowed and not allowed, such as on-site social engineering
  • Receive an authorization letter for physical social engineering (Get-out-of-Jail-Free-Card)

Information Gathering / Recon Phase

During the information-gathering phase of the assessment, Artifice Security will perform passive information gathering against your organization using Open-Source Intelligence (OSINT) tools and techniques. This public data can help us determine undiscovered risks to your organization and show you what information is out there that you may not know exists. This targeted intelligence includes the following checks:
  • Gather IP address information about your external network and hosting providers
  • Search for publicly exposed documents such as PDFs, DOCXs, XLSXs, and PowerPoint documents that may contain sensitive or customer information without your knowledge
  • Search the Internet and dark web for leaked credentials within password breach databases
  • Check for domain names similar to yours that could be used for domain spoofing
  • Scout each physical location and view wireless setup, if found

Attack Planning Phase

Artifice Security will use active information-gathering tools and techniques to determine all possible attack vectors during the attack planning phase. We will assemble data gathered from this phase and the information gathering phase as the foundation for our attack and exploitation phase.
  • Enumerate all external IP ranges and subnets
  • Analyze misconfigurations in cloud services
  • Map out the wireless network to determine the range of broadcast, SSIDs, and authentication type
  • Create social engineering pretexts
  • Capture RFID card data on-site to use for entry
  • Enumerate web applications for vulnerabilities

Attack and Exploitation Phase

During the attack and exploitation phase, Artifice Security will use manual penetration testing techniques to exploit vulnerabilities found in your organization. We perform this exploitation using professional tools and techniques while being cautious about protecting your data and not interrupting normal business functions. At this phase, we will perform the following tasks against your company:
  • Use leaked information to gain privileged access to external network systems
  • Attack external systems to pivot to the internal network
  • Attack web applications to gain access to data and to pivot into the network
  • Compromise cloud infrastructure
  • Compromise the wireless network
  • Perform on-site social engineering and phishing attacks
  • Annotate all attack times and dates for later analysis

Reporting Phase

Artifice Security will put together all the information about your organization and the vulnerabilities discovered during the reporting phase. We guarantee that the report presents each discovered vulnerability with no false positives, as we use manual penetration testing.

Reporting begins with an executive summary explaining the vulnerabilities and conveying the overall risk to incident detection and response. In addition to a summary of results, we also provide a list of positive findings found during testing. Next, the report explains how we determine criticality and risk for each vulnerability so you can better understand what to prioritize for remediation and how we rate severity for each finding.

For the red team assessment, we include a detailed attack storyboard with times and dates about each attack chain so you can correlate the data with your security controls.

Further in the report, we break down each vulnerability in technical detail, including a summary of the finding, affected location(s), proofs-of-concept, and remediation steps. Each detailed proof-of-concept has easy-to-follow steps for your team to recreate the process of how we exploited the vulnerability.

In addition to the report, Artifice Security also provides you with a customer-facing report and attestation letter if needed.

  • Executive Summary that easily conveys risk
  • Vulnerabilities rated by criticality
  • Detailed walkthrough showing how we chain together attacks
  • Detailed repeatable proofs-of-concept for each vulnerability
  • Best practice remediation steps that are customized and realistic based on your current environment


Frequently Asked Questions

What is a Red Team Assessment, and how does that differ from a penetration test?

Red Team assessments are different from penetration tests as they focus on testing your incident detection and response capabilities. Red Team consultants will also move stealthily to mimic real-world attackers. During a Red Team engagement, the goal is not to find every vulnerability against your assets but to mimic a real-world attack and break in using the path of least resistance. For example, a person walking in the side door of your building and walking out with a server in hand could be the easiest path to get your data.

For penetration testing, the consultant will attempt to find as many vulnerabilities as possible on your network or application during a set period and combine attacks to reach your critical data. This type of engagement is not stealthy and will often involve your IT staff, who know that the penetration test is taking place.

In short, a penetration test attempts to find as many vulnerabilities in your organization as possible without worrying about being detected, while a Red Team assessment focuses on your incident detection and response capabilities.

Before engaging in a Red Team assessment, how many penetration tests should our company perform?

A regular penetration test is designed to find all of your vulnerabilities in each area of your infrastructure (network, wireless, web applications, etc.), whereas a red team assessment is designed to find the easiest way in and to test your incident detection and response. Before finding the easiest way in, you need to make sure all of the gaps in your security are closed.

The first form of a security assessment conducted against a business should never be a Red Team engagement. Because Red Team assessments take longer and cost more, they would be a waste of time and money for any firm that isn’t confident in its present security posture.

Although each firm is different, it is usually advisable to complete two or three penetration tests before embarking on Red Team activities.

Companies with a mature security posture and the belief that they have created strong security defenses are suitable candidates for Red Team testing. The idea would be to put their already formidable defenses to the test.

Is there a way to correlate our incident detection with your Red Team attacks?

Our Red Team consultants annotate the date and time for each attack conducted. Your blue team can then use our logs to correlate their own logs and alerts with our red team operators’ attacks. After the red team engagement, we will sit down with your team, review the attack chain, and give you a report showing each attack and its time/date.
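
One way a blue team could run this correlation, shown as an added example that is not Artifice Security's tooling: each annotated red team action is matched to alerts on the same host within a time window, which yields the missed actions and the time to detect. The field names, hostnames, timestamps and the 30-minute window are constructed assumptions, and both logs are assumed to use the same time zone.

```python
from datetime import datetime, timedelta

# Constructed sample: red team activity log as delivered with the report.
RED_TEAM_LOG = [
    {"id": "RT-01", "time": "2024-03-04T09:15:00", "action": "phishing email", "target": "mail-gw01"},
    {"id": "RT-02", "time": "2024-03-04T10:40:00", "action": "web application attack", "target": "web01"},
    {"id": "RT-03", "time": "2024-03-04T13:05:00", "action": "pivot to internal network", "target": "fs02"},
    {"id": "RT-04", "time": "2024-03-04T15:30:00", "action": "wireless compromise", "target": "wlc01"},
]

# Constructed sample: alerts exported from the blue team's monitoring.
BLUE_ALERTS = [
    {"time": "2024-03-04T09:22:10", "host": "mail-gw01", "rule": "Suspicious attachment"},
    {"time": "2024-03-04T10:35:00", "host": "web01", "rule": "WAF anomaly"},  # before RT-02
    {"time": "2024-03-04T13:50:00", "host": "fs02", "rule": "Unusual SMB access"},  # 45 min late
    {"time": "2024-03-04T15:31:30", "host": "wlc01", "rule": "Rogue client"},
    {"time": "2024-03-04T15:45:00", "host": "wlc01", "rule": "Repeated auth failures"},
]


def correlate(actions, alerts, window=timedelta(minutes=30)):
    """Match each red team action to alerts on the same host raised within
    `window` after the action; alerts that precede the action do not count."""
    results = []
    for act in actions:
        start = datetime.fromisoformat(act["time"])
        hits = sorted(
            (datetime.fromisoformat(al["time"]) - start, al["rule"])
            for al in alerts
            if al["host"] == act["target"]
            and timedelta(0) <= datetime.fromisoformat(al["time"]) - start <= window
        )
        results.append({
            "id": act["id"],
            "action": act["action"],
            "detected": bool(hits),
            "seconds_to_detect": int(hits[0][0].total_seconds()) if hits else None,
            "rules": [rule for _, rule in hits],
        })
    return results


def coverage(results):
    """Fraction of red team actions that produced at least one alert in time."""
    return sum(r["detected"] for r in results) / len(results)


if __name__ == "__main__":
    for r in correlate(RED_TEAM_LOG, BLUE_ALERTS):
        status = f"detected in {r['seconds_to_detect']}s" if r["detected"] else "MISSED"
        print(f"{r['id']} {r['action']:<28} {status} {r['rules']}")
    print(f"coverage: {coverage(correlate(RED_TEAM_LOG, BLUE_ALERTS)):.0%}")
```

Actions reported as missed are the detection gaps to review against the attack storyboard; widening the window shows which of them were caught late rather than not at all.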

What are some common red team tactics?

During a red team engagement, we will conduct the following:

  • Social engineering via email and phone. Phishing emails become a lot more convincing with a little bit of research on persons or organizations. This low-hanging fruit is often the first step in a chain of attacks leading to the goal.
  • Exploitation of network services. An attacker can access previously inaccessible networks or sensitive information by exploiting unpatched or misconfigured network services. An attacker would frequently leave a persistent back door to allow future access.
  • Exploitation of physical facilities. People have a natural tendency to avoid conflict. As a result, getting into a guarded organization is frequently as simple as following an employee through a door. Once onsite, our consultants can plant a network device to remotely connect or go directly for the flag, such as compromising the server room.
  • Application layer exploitation. Web applications are often the first thing an attacker sees when looking at an organization’s perimeter. Exploiting web application vulnerabilities (e.g., XSS, SQLi, CSRF, etc.) can give an attacker a foothold from which to execute further attacks.
