Red Teaming

Attack emulation by certified experts

Identify and eliminate hidden vulnerabilities in your IT security.

Test your defenses and defenders against an emulated APT attacker

In a Red-Team deployment, Redlings attempts to model a threat actor. Because Red Team deployments test not only the technology but also the effectiveness of existing processes, often very few people in the organization are familiar with a Red Team at any given time.
Because testers try to stay below the security team's radar, red-team deployments typically require more time and effort. Red team deployments require attacks that are tailored for each individual deployment.

Red-Team

A Red-Team follows the entire attack lifecycle executed by sophisticated, persistent attackers. In doing so, Redlings receive little or no information at the beginning of the assessment, as a Red Team is meant to emulate a real-world targeted attack. The objectives and framework of such a test are agreed upon in advance between your company and Redlings. An agreed ethical approach should take priority over the effectiveness of attack techniques, but is often in tension with the usual approach of real attackers.

The process of a Red Team

.
A Red Team assessment begins with the setup of an external command and control (C2) server. From such servers, Redlings will send commands to already compromised systems in your organization. In doing so, the external C2 infrastructure uses network communication protocols that attempt to evade detection by your employees, by your service providers, and by your deployed technology.
We audit externally accessible IT systems for immediate compromise. Due to the widespread use of social engineering methods by modern attackers, Redlings is also likely to use social engineering attacks for initial compromise. This may include email- or phone-based social engineering in particular.
After the initial compromise, Redlings will look for means to escalate user privileges and move around your internal network. One of our goals will likely be to gain domain administrator privileges on your internal network.
Redlings uses domain administrator privileges as needed to achieve the specified objectives for the assessment. All activities described are performed in a manner to minimize detection by Blue team members. We use open source tools, commercial tools, and also in-house development for our Red Team assessments. The toolset and procedures used are typically tailored to the attackers being emulated.
A Red Team Assessment is a service offering for organizations that already have a mature security program and are seeking to test their defenses and incident response procedures against a determined adversary.

Why Redlings?

Porto Headers
A Trusted Partner

In-depth threat analysis and consultation

Include current Cyber Threat Intelligence information

A deep understanding of how hackers work

In accordance with recognized rules of technology (BSI, PTES, PCI DSS, OSSTMM, NIST, OWASP)

Comprehensive post-test support for effective elimination of detected risks

.

Your Contact

Dr. Ewan Fleischmann

Founder

  • Over 15 years in IT security
  • Consulting for medium-sized businesses, DAX companies and financial institutions.
  • PhD thesis cryptography with 15+ international publications in IT security.
  • Conference Speaker and Trainer
  • SANS Advisory Board Member
  • 15+ certifications, including CISSP, OSCP, OSCE.

Have we sparked your interest?

Just give us a call or write us a message!

Erfolgreich! We have received your request. Thank you very much.
Fehler! An error occurred while sending. Please use another way to contact us!

Ähnliche Leistungen

Penetrationstests

Penetrationstests

Penetration Testing: Secure your digital infrastructure from hackers and criminals. Find security vulnerabilities before the attackers through a pentest.
Network Pentest

Network Pentest

A network penetration test is a security assessment for your organization's internal or external IT infrastructure and exposed network services.
Web Application Penetration Testing

Web Application Penetration Testing

We examine your web applications and web servers for vulnerabilities.
Social Engineering & Phishing Testing

Social Engineering & Phishing Testing

A Social Engineering Security Assessment may range from simple email phishing to sophisticated campaigns using multiple communication techniques including spearphishing, vishing and on-site engagement.
Active Directory Security Assessment

Active Directory Security Assessment

An Active Directory Security Assessment includes a forest and domain trust configuration and security review as well as an assessment of controls for administrative groups and privileged access accounts.
Cloud Penetration Testing

Cloud Penetration Testing

With our cloud security assessment one or more systems in a cloud environment are reviewed for security (e.g. AWS, Azure, GCP).
Social Engineering & Phishing Testing

Social Engineering & Phishing Testing

A Social Engineering Security Assessment may range from simple email phishing to sophisticated campaigns using multiple communication techniques including spearphishing, vishing and on-site engagement.

Ratgeber

We use cookies to improve user experience and analyze website traffic. Read about how we use cookies and how you can control them by clicking "Privacy Preferences".

Privacy Preferences I Agree

Privacy Preferences

When you visit any website, it may store or retrieve information through your browser, usually in the form of cookies. Since we respect your right to privacy, you can choose not to permit data collection from certain types of services. However, not allowing these services may impact your experience.

Privacy Policy

You read and agreed to our Privacy Policy

REQUIRED
YouTube

We use the YouTube service to enable video content streaming on this site.

Privacy Policy