Test your defenses against an emulated APT attacker
During a Red Team assessment, Redlings models an advanced threat actor. Because a Red Team assignment assesses both your technology and the effectiveness of your existing processes, typically only a few people in the organization know about the ongoing Red Team at any given time.
Because the testers try to stay below the security team's radar, Red Team assignments typically require more time and effort than other assessments, and the attacks must be tailored to your organization.
A Red Team follows the entire attack lifecycle carried out by sophisticated, persistent attackers. Redlings receives little or no information at the beginning of the assessment, because a Red Team is supposed to emulate a real, targeted attack. The goals and framework conditions of such a test are agreed upon in advance between your company and Redlings. A coordinated, ethical approach takes priority over the effectiveness of attack techniques, even though this is often in tension with the methods used by real attackers.
Red Team Process
A Red Team assessment begins with establishing an external command and control server (Command & Control, C2). From such servers, Redlings will send commands to already compromised systems in your company. The external C2 infrastructure uses network communication protocols that try to evade detection by your employees, your service provider, and the technology you use.
First, we check externally accessible IT systems for an immediate compromise. Because modern attackers make widespread use of social engineering, Redlings will probably also resort to social engineering attacks for the initial compromise, as long as this is within the agreed rules of engagement. This may include, in particular, email- or telephone-based social engineering.
After the initial compromise, Redlings looks for ways to escalate user permissions and move around your internal network. One of our goals will likely be to gain domain administrator rights on your internal network.
If necessary, Redlings uses the domain administrator rights to achieve the goals defined for the assessment. All activities described are carried out in a manner that minimizes detection by the members of your Blue Team. We use open-source tools, commercial tools, and in-house developments for our Red Team assessments. The toolset and the procedures are usually tailored to the threat actor being emulated.
A Red Team Assessment is a service offering for companies that already have a mature security program in place and want to test their defenses and incident response procedures against a determined adversary.