For the most authentic penetration test simulation, a technique known as Red Teaming, where the testers simulate what an attacker in the real world would do, would be the ideal solution. Often in security testing, penetration testers are restricted by what is allowed to be in scope and the test becomes more of an audit than a reflection of what an attacker would attempt. As a result, clients often do not receive an overall picture of the security posture of their organisation. Red Teaming takes a more realistic approach to attacking the organisation and exploiting any weaknesses.
A more advanced version of red team testing exists called adversarial simulation. In this type of testing, consultants emulate real attackers and use their TTPs (techniques, tactics, and procedures) to gauge whether client security controls would identify and block realistic attacks. This type of testing may be prefaced with threat intelligence to identify the risks that face the client organisation.
After discussions with the client and the boundaries have been agreed, the first stage involved in a Red Teaming exercise is Information Gathering. The more intelligence that can be gathered about the target company prior to attack attempts the better, as it will increase the chances of success. This stage alone can result in interesting findings for the client. For example, it could reveal that staff members are leaking sensitive information on public chat forums, or that the company are unintentionally leaking a document on the internet. Testers will often visit the area where the target organisation is located at this stage to gather further intelligence. For example, what the staff passes look like, whether staff members congregate at the pub at lunchtime and ‘talk shop’ which the tester could eavesdrop on.
Once ProCheckUp has gathered as much information as possible, time is then spent preparing plans of attack based on the intelligence gathered.
Next is the exploitation phase which can involve remote and on-site social engineering, phishing, and stealth hacking techniques (as opposed to penetration testing which tends to be quite ‘noisy’ on the network).
Lastly, the steps taken (whether successful or unsuccessful at compromising the organisation’s security in any way) are fully documented in a report along with remedial advice.
ProCheckUp is an approved provider of CREST STAR services. STAR (Simulated Target Attack and Response) is a new intelligence-led vulnerability testing framework devised to replicate the behaviours of real-world threat actors against individual clients. More information about this service can be found here.
Please contact us for more information on how ProCheckUp Red/Blue/Purple Teaming Services can help you.