Test your defenses and defenders against an emulated APT attacker
In a Red Team deployment, Redlings attempts to model a threat actor. Because Red Team deployments test not only the technology but also the effectiveness of existing processes, often very few people in the organization are aware of a Red Team deployment at any given time.
Because testers try to stay below the security team's radar, Red Team deployments typically require more time and effort, and the attacks must be tailored to each individual deployment.
A Red Team follows the entire attack lifecycle executed by sophisticated, persistent attackers. In doing so, Redlings receives little or no information at the beginning of the assessment, as a Red Team is meant to emulate a real-world targeted attack. The objectives and framework of such a test are agreed upon in advance between your company and Redlings. An agreed ethical approach should take priority over the effectiveness of attack techniques, but is often in tension with the usual approach of real attackers.
The process of a Red Team.
A Red Team assessment begins with the setup of an external command and control (C2) server. From such servers, Redlings will send commands to already compromised systems in your organization. In doing so, the external C2 infrastructure uses network communication protocols that attempt to evade detection by your employees, by your service providers, and by your deployed technology.
We audit externally accessible IT systems for opportunities for immediate compromise. Due to the widespread use of social engineering methods by modern attackers, Redlings is also likely to use social engineering attacks for initial compromise. This may include email- or phone-based social engineering in particular.
After the initial compromise, Redlings will look for means to escalate user privileges and move around your internal network. One of our goals will likely be to gain domain administrator privileges on your internal network.
Redlings uses domain administrator privileges as needed to achieve the specified objectives for the assessment. All activities described are performed in a manner that minimizes detection by Blue Team members. We use open source tools, commercial tools, and tools developed in-house for our Red Team assessments. The toolset and procedures used are typically tailored to the attackers being emulated.
A Red Team Assessment is a service offering for organizations that already have a mature security program and are seeking to test their defenses and incident response procedures against a determined adversary.