Red Team Testing in Practice

Red Team Testing

Introduction

In this case study our client is an international company with thousands of workstations and servers in total at different premises. These hosts are organized in several domains and the domains are collected in a common domain forest. Our client wanted to know how big threat a malicious employee with minimal access would present to the systems of the company. At the same time he also wanted to test the IDS and IPS solutions being introduced in practice.

What can we do if we, as responsible decision makers, wonder how our systems in whole would react to a real attack? It is easy to see that the traditional vulnerability assessment is not the best choice in this case, as it is more like a security audit than a real hacker attack. Whereas the goal of the red team testing approach is to provide the client with a realistic picture of how efficient the introduced policies and how well-trained the IT specialists are, and what level of safety awareness the employees have in general. Accordingly the red team testing is the simulation of a real attack, which is only known to a small group of insiders at the customer. In the course of the simulation the attacker’s goal is usually to compromise the client’s system to the greatest possible extent without causing intentional damage of course.

The team of Boltonshield has already gained many years of experience in the field of red team testing and seen a lot of interesting cases during several successful projects. It is important to note that the starting point for the red team testing projects is always subject to agreement. Before making a decision we have to identify the client’s needs and also the possible directions of the attacks that the systems are most exposed to.

In the case used for the study the red team testing lasted a week according to our agreement. The project ends prematurely in case we manage to prove that the system can be compromised decisively or our activity gets discovered.

You can get in touch with us to find out exactly how Boltonshield can help your organisation.

Iratkozzon fel a Hírlevelünkre

Sign up for our content, including blog articles, news, tips and more