What is Red-Team Testing?
A security red-team is a test that aims to assess the security level of an organization, identify the main weaknesses in its security posture, provide insights about the organization's resilience level, and reveal how prepared it is to withstand a real-life attack. The way to provide such an assessment is by simulating a real cyber-attack. The standard process of a security red-team involves the following stages:
1. Planning – working with the client to define scope, timeline, objectives, rules of engagement, and more.
2. Information Gathering – This stage may also be called threat intelligence or reconnaissance. This is the stage where the team collects information about the potential attack surface and builds an attack plan.
3. Initial Penetration – Finding the first point of access, which may be an external-facing server, a user endpoint, or any other endpoint in the organization's network.
4. Establishing Control – Usually involves elevation of privileges and establishing some method of remote control (reverse shell, web shell, RDP access, etc.).
5. Lateral Movement and Trophy Hunt – Once the team has established some type of control over internal resources in the network, it is time to move forward and access the most valuable assets of the organization (e.g. access the payment system and prove you can make a transaction). These trophies are defined together with the customer at the planning stage.
Original post by Komodo Consulting: What is Security Red-Team?