Security Testing
What is Red Teaming?
Red Teaming (a.k.a. Objective Based Penetration Testing) is an adversarial attack simulation against an organisation. It requires a holistic overview of the organisation and is designed to achieve a specific objective.
The primary goal of the exercise is to assess the organisation’s ability to prevent, detect, and respond to cyber-attacks, and to discover potential weaknesses that may not be identified through standard vulnerability and penetration testing exercises. A thorough Red Teaming exercise will expose vulnerabilities and risks across technology, people, process, and physical security.
Red Teaming serves to complement other forms of security testing (e.g. penetration test, vulnerability assessment, code review) and should be incorporated into the security testing exercise of an organisation as it grows in its security maturity level.
Difference between penetration testing & red teaming
| Penetration Testing | Red Teaming |
| --- | --- |
| Primary objective is to identify as many vulnerabilities as possible within a limited scope | Primary objective is to stress and enhance the organisation's ability to detect and respond to adversaries |
| Limited scope, asset-based technical assessment | Objective-based, open-scoped, designed to demonstrate critical impact to a business or organisation. Targets people, process and technology |
| For compliance purposes | Obtain a more realistic understanding of the organisation's risk by simulating real-world attacks |
| Made known to all the stakeholders | Covert. Only the Exercise Working Group is aware of the exercise |
| Execution aligned to industry-recognised technical methodologies | Execution aligned to mimicking the Tactics, Techniques and Procedures of real-world adversaries |
| Example: To ensure the underlying web server and associated DMZ have been hardened and configured to best practices | Example: To escalate privileges on the network, move laterally, access a sensitive file-share or gain control over the environment by compromising a privileged user's account |
Objective of this assessment
Approach & Methodology
The proposed objectives for Red Teaming are commonly based on the MITRE ATT&CK Framework.
Case Studies
Find out how softScheck’s team of security professionals achieves its Red Teaming objectives by testing our client’s cyber security abilities against real-world targeted attacks.