The aim of Red Teaming is to simulate the actions of real-world attackers. Unlike penetration testing, Red Teaming focuses on real-world attack scenarios, not on searching for the highest number of vulnerabilities. A sample scope of such an activity may include:
1. network level attacks
2. social engineering attempts against employees
3. accessing physical infrastructure
Social engineering attacks on employees make it possible to evaluate their level of awareness and to prepare them for real-world cases, both network-based and others.
It’s important to remember that organizational security is not just applications and infrastructure, but also the human factor. Regular exercises can protect employees from social engineering attacks.
“32% of data leaks come from phishing attacks” -> https://www.phishingbox.com/news/phishing-news/verizon-data-breach-investigations-report-dbir-2019
Example attack scenarios which may be executed in your organization:
1. a phishing campaign to obtain access passwords to internal applications
2. cloning access cards allowing employees to get access to the office
3. gaining access to internal network from rooms dedicated to visitors
4. impersonation of an external employee (e.g. an air conditioning technician) and then placing a network device in the office to get access from the outside
5. bypassing a fingerprint scanner to access the office
Each organisation is unique and it can be vulnerable to different attacks. Therefore, we always adjust our strategy to each organisation. If you’re interested in increasing the security awareness across your company, please fill out our contact form. Our specialists will get back to you with a tailored offer as soon as possible.