Understand Red Teaming

In this video, our Red Team Lead, Justin Chong, sheds light on Red Teaming in the InfoSec world. The topics covered include:

  • What is Red Teaming? 00:26
  • Red Teaming vs Penetration Testing 02:20
  • Benefits of Red Teaming 04:27
  • Requirements of Red Teaming 05:22

The term Red Teaming has become common in the industry. But what exactly is Red Teaming?

Red Teaming is a concept that originates from the US military. It aims to simulate and demonstrate the attacks of real-world adversaries in an attempt to compromise the various aspects of security.

While the military focuses on simulating acts of war, in the InfoSec world a Red Teaming engagement focuses on testing and assessing the various aspects of an organisation's overall security. This includes:

  • Physical aspect – Locks, doors and the other physical barriers of your premises, etc.
    Some examples would be lockpicking or Radio Frequency Identification (RFID) skimming.
  • Social aspect – Your employees, etc.
    This covers their security awareness and general knowledge of social engineering methods such as phishing, tailgating and impersonation attacks.
  • Technological aspect – Routers, devices, Local Area Network (LAN) ports, etc.
    Some examples would be accessing sensitive information by connecting to your LAN ports or even breaching the internal Wi-Fi. But don't mistake this for your usual network infrastructure penetration test.

1. Engagement Objectives

The first difference is that a Red Teaming engagement is objective-focused and targets the organisation's crown jewels, whereas a Penetration Test focuses on identifying as many security gaps and vulnerabilities as possible within the given environment.
Also, Red Teaming focuses on achieving a particular set of outcomes, while a penetration test aims for breadth of coverage.

An example that illustrates the difference:

Gaining access to the private Wi-Fi on your premises

From a Penetration Test perspective, we would brute force the password or even drop Internet Control Message Protocol (ICMP) packets to gather information and decipher the password.

From a Red Teaming perspective, it can be done by impersonating a new employee and asking around for the Wi-Fi password, or by impersonating a repair technician from the internet provider to gain access to the network or server room.

2. Noise and Detection

Red Teaming focuses on evading detection and, as such, generally creates little noise within the environment.

In contrast, a traditional penetration test, for example a Network Infrastructure Penetration Test, focuses on identifying all possible vulnerabilities in the environment within the stipulated timeframe. As such, these engagements typically generate a considerably larger amount of traffic and noise within the environment.

However, this varies from project to project and setup to setup. For example, a network infrastructure penetration test might require bypassing endpoint detection within an internal environment, in which case less noise will be generated during the engagement.

Read more about Red Teaming vs Penetration Testing here.

What are the benefits of a Red Team?

Red Teaming provides a controlled environment in which to test and assess an organisation's security team against a simulated real-life attack. With that, organisations can better understand their environment and fully assess the effectiveness of their security controls.

In the context of working from home

While the traditional concept of Red Teaming often involves physically breaking into the environment, Covid-19 and the ever-changing landscape have shifted the focus from lock breaking towards social engineering. This includes phishing and attack vectors that pivot from an initial foothold. The Red Team can also combine both, with phishing being the means to achieve a compromise.

For example, a malicious executable can be attached to an email.

Once it is downloaded and run on a staff member's computer, it can propagate to other members of the organisation, allowing the attacker to gain access to the internal environment. This is extremely relevant in the current climate, with employees working remotely and using a Virtual Private Network (VPN) to access internal resources.

Therefore, even in the context of remote working, Red Teaming can test your technological controls and confirm that training is in place to prevent a malicious attacker from gaining access to your systems.

What are some requirements of a Red Teaming Engagement?

Maintaining a minimum level of security posture

This means conducting regular penetration tests, such as a Network Infrastructure Penetration Test and a Web Application Penetration Test. These weed out the low-hanging fruit, vulnerabilities and security gaps within the environment, allowing the Red Team to focus the engagement on achieving the crown-jewel objectives.

Possessing a certain level of cyber security maturity in the form of policies

This means having relevant policies, processes and plans in place, such as an Incident Response Plan (IRP), Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). This ensures that employees can respond in the event of an attack, and allows those responses to be assessed during the engagement.

All in all, a certain level of cyber maturity within the organisation is required for an effective Red Teaming engagement, since the Red Team will be operating inside the environment.

Secure your business with us

Book a consultation with us now to see how you can improve your security posture. We strive to understand your business objectives and challenges to ensure that we uplift your organisation with minimal disruption to your day-to-day activities. Simply drop us an email at [email protected] or call us at +65 6610 9597 (SG) / 1800 996 001 (AU) for more details.