Red Team Operations

Simulated attacks enhance your information security program. NetSPI’s red team operations put your organization’s security controls, policies, response, and training to the test.

Our Red Team Operations

Our red team operations aim to gain unauthorized access to your environment while avoiding detection and maintaining access for a pre-determined period of time to test your incident response team’s ability to identify and respond to threats. Red team operations help you more accurately assess threats to IT assets, benchmark current security capabilities, justify security investments, sharpen the skills of your team, and improve detective controls.

Common Red Team Operation Models
Assumed breach | Black box test

Test Your Organization’s Ability to Identify and Respond to Threats with NetSPI Red Team Operations

All organizations face the possibility of being targeted by organized, sophisticated, and determined attackers, so it’s imperative to learn everything you can to improve your organization’s security posture. NetSPI’s red team operations leverage tactics, techniques, and procedures used by real-world attackers to help better understand exposures and your ability to respond to threats.

During our red team operations, NetSPI works with the client to define rules of engagement and project objectives to ensure clear expectations are set and met.

What to Know About
Red Team Operations

Despite the large investments many companies have made in detective controls, they often struggle to detect tactics, techniques, and procedures used by real-world threat actors during sustained and sophisticated attack campaigns.

RED TEAM ATTACKS

BLUE TEAM DEFENSES

Red Team Blue TeamPurple Team

How a Red Team Can Avoid Detection

  • Do not perform large scanning operations.
  • Do not perform online dictionary attacks.
  • Do perform recon locally and on the network.
  • Do perform targeted attacks based on recon data. 
  • Do not use common attack tools, especially on disk. Use custom attack tools whenever possible.
  • Try to stay off memory and off disk when possible.
  • Blend in with your environment. Try to behave as a normal user or application.
  • Try to use native technologies to access the environment remotely without a C2. If C2 is required, use beaconing, tunneling, and side channels.
  • Do not change major configuration states.
  • Do not create accounts or modify group memberships.
  • Do attempt to understand employed EDR solutions and tailor attacks to avoid or bypass those controls.

How a Blue Team Can Detect Less-Skilled Attackers

  • Create and maintain a security controls inventory to ensure there is an understanding of available data sources and preventative/detective capabilities.
  • Understand all the layers of your environment and define clear detective control boundaries.
  • Map out data and logging at each layer and identify indicators of access (IoA) and compromise (IoC).
  • Find detective control solutions or write your own tools. Canaries are especially effective and low cost.
  • Be creative. For example, many endpoint protection suites can detect common scanning activity in the absense of network-based IDS.
  • Audit for high-impact security events, including the most common IoAs and IoCs at each layer in your environment.
  • Work with your red team to test your controls. Red and blue teams should work together to understand attacks in depth.

Pentesting Research and Tools

Learn about penetration testing on our blog, our open source penetration testing toolsets for the infosec community, and our SQL injection wiki.

Need a Quote?
Common Questions
What is Penetration Testing as a Service (PTaaS)?

PTaaS is NetSPI’s delivery model for penetration testing. It enables customers to simplify the scoping of new engagements, view their testing results in real time, orchestrate faster remediation, perform always-on continuous testing, and more - all through the Resolve™ vulnerability management and orchestration platform. Learn More

Why should I use NetSPI?

We help organizations defend against adversaries by being the best at simulating real-world, sophisticated adversaries with the products, services, and training we provide. We know how attackers think and operate, allowing us to help our customers better defend against the threats they face daily.

How does NetSPI ensure quality results?

At NetSPI, we believe that there is simply no replacement for human-led manual deep dive testing. Our Resolve platform delivers automation to ensure our people spend time looking for the critical vulnerabilities that tools miss. We provide automated and manual testing of all aspects of an organization’s entire attack surface, including external and internal network, application, cloud, and physical security.

Our proven methodology ensures that the client experience and our findings aren’t only as good as the latest tester assigned to your project. That consistency gives our customers assurance that if vulnerabilities exist, we will find them.