Security Testing

What is Red Teaming?

Red Teaming (a.k.a. Objective Based Penetration Testing) is an adversarial attack simulation against an organisation. It requires a holistic overview of the organisation and is designed to achieve a specific objective.

The primary goal of the exercise is to assess the organisation’s ability to prevent, detect, and respond to cyber-attacks and discover potential weaknesses that may not be identified through standard vulnerability and penetration testing exercises. A thorough Red Teaming exercise will expose vulnerabilities and risks regarding technology, people, process, and physical.

Red Teaming serves to complement other forms of security testing (e.g. penetration test, vulnerability assessment, code review) and should be incorporated into the security testing exercise of an organisation as it grows in its security maturity level.

img-red-teaming

Difference between
penetration testing & red teaming

WordPress Tables Plugin

Objective of this assessment

Build stronger resistance against cyber attacks
Identify security gaps in people, process, and technology
Achieve purple team

Approach & Methodology

The proposed objectives for Red Teaming are commonly based on MITRE ATT&CK Framework

Initial Access
Execution
Persistance
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact

Case Studies

Find out how softScheck’s team of security professionals achieves its Red Teaming objectives by testing our client’s cyber security abilities against real-world targeted attacks.

WordPress Plugin TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

We discovered a Stored Cross-site Scripting (XSS) vulnerability on the WordPress Plugin, TranslatePress, on 06 August 2021. This WordPress translation plugin assists with the translation of website content from and…

Singtel’s Zero-Day Cyberattack – Anticipate OR Re-Act to Attacks?

Singapore’s telecom giant, Singtel, has fallen victim to a zero-day cyberattack which stemmed from security bugs in a third-party software – the Accellion legacy file-transfer platform.