Red Teaming

Red Team (RT) Engagements are scenario-based engagements driven by specific threat goals.

 

Red teaming focuses on security operations as a whole and includes people, processes, and technology. Red teaming specifically focuses on goals related to training blue teams or measuring how security operations can impact a threat’s ability to operate.

 

Technical flaws are secondary to understanding how the threat was able to impact an organization’s operations or how security operations were able to impact a threat’s ability to operate. This service differs from a classic penetration test in that the team leverages tools and techniques that are often outside the scope of most pen testing.

 

This includes phishing, simulated malware payloads, social engineering, and more. This more comprehensive engagement is performed over a less restrictive timeline to allow us to fully probe your network and people.

The service can be combined with threat intelligence to enable the attack to simulate one or more specific attack groups. When doing so, Banshie will create custom modules to ensure that the tools and techniques mimic an attack group as closely as possible.

IMPROVE THE SECURITY POSTURE

Red Teaming is an exercise to improve incident response and security empathy in the organization.

A REALISTIC PERSPECTIVE

A realistic perspective on the effectiveness of defenses requires realistic test cases.

TEST YOUR CAPABILITIES AGAINST A REAL ATTACK

Test your organization’s detection capabilities and resilience against modern advanced attackers

CUSTOMER VALUE

DELIVERABLE

At the end of the simulation the company will receive a full report containing an executive summary and details on the attack path taken by Banshie.

In addition to this the company will receive a full overview of the actions performed by Banshie mapped to the MITRE ATT&CK framework.

 

These mappings can be used as part of the MITRE ATT&CK Service or internally to map out and document areas of improvement against future threats.

Banshie will also provide a full description of the attack and the thought process behind it, as well as key areas of improvement. The end deliverable will contain at least the following:

  • Executive Summary

  • Attack narrative incl. dates and timestamps

  • Technical details

    • Exploitable vulnerabilities found

    • Remediation and mitigation strategies

    • Indicators of Compromise for post-exercise analysis

    • Details on working and effective defenses

  • MITRE ATT&CK Mapping

  • Custom Proof of Concept code

  • Exercise walkthrough with blue team.

METHODOLOGY

In an attack simulation the company will test their defenses and detection capabilities.

Banshie will perform a “closed book” test simulating a real threat attacking the organization.

 

Based on the assumed breach mentality, we will simulate a real attacker using real tools and techniques to train detection and response readiness.

We will use the techniques and tools used by real attackers to demonstrate exploitable vulnerabilities and strong defenses present in the current security posture.

This will give an overview of which areas to improve.

The engagement follows the Cyber Attack Life Cycle. The first part of the engagement is to get past the perimeter defenses.

 

Often a “cut-off” is set: a predetermined time period before we de-chain from the Attack Life Cycle. This is done when the Red Team deems the external perimeter too time-consuming, and the engagement is rescoped into an Assumed Breach situation where the customer ensures a foothold on the internal network.

Ready to get started?

Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.

Banshie has a wide skillset and many years of experience in penetration testing and exploit development, and is standing by to help you.

TIBER-DK

The Danish National Bank and the financial sector have joined forces to establish the red team exercise called TIBER-DK.

TIBER-DK is the Danish implementation of TIBER-EU, a common European framework developed by the ECB that delivers a controlled, bespoke, threat intelligence-led red team test of entities’ critical live production systems.

Threat intelligence-led red team tests mimic the tactics, techniques and procedures of real-life threat actors who, on the basis of threat intelligence, are perceived as posing a genuine threat to entities. 

A threat intelligence-led red team test involves the use of a variety of techniques to simulate an attack on an entity’s critical functions and underlying systems, i.e. roles, processes and technologies.

It helps an entity to assess its protection, detection and response capabilities.

If your organization is looking to perform a TIBER-DK exercise, please don't hesitate to contact us.