Offensive Security

Red Team Trainings

Security and penetration testing from the attacker's perspective

Every company today represents an attractive target for attackers, including yours. Confidential employee data, development or research results, financial data or critical infrastructure like power and water, or simply money through extortion, every company has assets worth sabotaging or stealing. That's where the Red Team comes in. Called a Red Team Assessment, it tests the security of systems within the company by attempting to hack them. A Red Team can be staffed within the company, or consist of a group of externally contracted penetration testers.


What is the Red Team concerned with?

The Red Team's task is to work out realistic attack scenarios and methods, and then execute them in the corporate environment. The goal is not only to document a successful attack in detail, but also to make recommendations as part of the penetration test report to help both decision makers and operational areas improve system security. Such assessments take place either with the knowledge of the company's internal IT or Blue Team, or without the knowledge of the operational departments. Of course, everything necessary is discussed with management in advance. This procedure is called blind or double-blind.

Tasks of the Red Team
  • Penetration tests
  • Vulnerability assessments
  • Social engineering assessments
  • Exploit development
  • Creation of policies, guidelines and procedures

Black, Grey and Whitebox Tests

It can also be discussed with the customer in advance of such a test how much information is to be made available to the penetration testers. A distinction is made here between black box, grey box and white box tests. In a blackbox test, the attacking team is provided with virtually no information about the environment to be attacked, while in greybox tests partial information and in whitebox tests complete information about the environment to be attacked is provided by the customer.

Social Engineering

In addition to attacks on technical infrastructures, the Red Team can also make a significant contribution to security awareness with attack scenarios in the area of social engineering, such as phishing or vishing, because these results can be used for further training.


Trainings for the Red Team

Do you have questions about our offers? We will be happy to advise you: +41 44 832 50 80 | Contact form