Red Team Assessments
Red Team Assessments are undertaken by an elite team of trained security professionals, whose aim is to gain access to a target (e.g. customer data or credentials) using a varied number of techniques. These can include penetration testing (infrastructure, mobile and web application), telecommunication attacks, wireless attacks, social engineering (both physical and phishing) among others.
It is important to understand that these tests are live and indistinguishable from a real hacking attack by a motivated attacker.
As your security is only as strong as its weakest link, for your oganisation to be breached, it is important to test all areas of your security posture to determine its vulnerabilities. Our team of experts will follow the same process that a motivated attacker would, to map your organisation’s network and organisational structure, to investigate key physical installations, and then to proceed to target your physical, technological and social defences in a limited timeframe as not to raise suspicion.
Benefits of Red Teaming
- Identifies the risk and susceptibility of attack against key business information assets
- Techniques, Tactics and Procedures (TTPs) of genuine threat actors are effectively simulated in a risk managed and controlled manner
- Assesses the organization’s ability to detect, respond and prevent sophisticated and targeted threats
Red Team Assessments
The Razorthorn Approach
At Razorthorn, we understand that your business may be targeted by different types of adversaries, from script-kiddies and hacktivists to cyber criminal organisations. Therefore, we have created a two packages to simulate the different level of expertise a hacker may have and the level of attack your company may face.
Both packages will contain an initial phase of investigation and threat intelligence.
This level of attack will simulate the skill level of mid-level adversaries, who tend to utilise off-the-shelf products to make noise on your network and to target known vulnerabilities. Typical tests would include:
- Network penetration tests and scans
- Web application penetration tests and scans
- Wireless penetration tests
- Email phishing and other social engineering tests
This level of attack will simulate the skill level of a cyber criminal organisation, which tends to be harder to detect, utilises more sophisticated hacking techniques and will search for unknown vulnerabilities and back doors. In addition to the tests in the Silver Package, more advanced tests would include:
- Advanced social engineering with custom spear and client-side exploit
- Advanced web application tests (API endpoints, IDORs, Business Logic flaws, JSON, XML etc.)
- Reverse engineering of applications
- Mobile applications tests
- Development cycle exploitation
- Source code analysis
- Dark web investigations
- We have provided a great many organisations with penetration services over the years
- Our prices are extremely competitive. Our company ethos is that security does not need to be expensive to be effective.
- We have excellent partnerships with a variety of vendors, whose technologies give us the power to really test your company’s security.
- We provide experience, expertise and an outside-the-box approach to remediation to ensure your organisation is fully protected from threats.