At redteam operations, CyberDeans team is going beyond the ordinary penetration testing via simulating a real attack against the whole organization which will give you the ability to measure how well your team and security appliances respond to a real attack. the scope of red-teaming operation will include Networks, web apps, routers, security appliances in addition to the employees themselves. Unlike the small scaled ordinary penetration testing processes, at redteam operation, CyberDeans team will launch several social engineering, Network penetration testing, Web app penetration testing attacks against your organization.
Exposing a larger attack surface which usually includes many assets haven't been covered during ordinary penetration testing
Finding out how will your SOC team respond against a real threat.
Finding out if your employees are aware enough against main security threats.
Identifying the misconfiguration of your security appliances as well as the endpoint security software.
Focusing on security assessments to find as many vulnerabilities as possible
Early stage to find and patch security issues either on applications or network devices
Limited to specific scope and be done with the knowledge of the staff
Minimal exploitation of discovered vulnerabilities to take out the false positive
Not focusing on avoiding detection by SOC / Blue team if found
No social engineering against employees is involved in the process
Simulating a targeted attack against organization to evaluate security controls in place and detection and response of organization’s security teams
More mature stage after having penetration testing done one or multiple time
More wide scope, being done without informing most of organization's staff
Exploiting discovered vulnerabilities in a manner that leads to achieving the target of the operation
Trying to avoid being detected by the SOC / Blue team for the longest period of time during the operation
Using social engineering and other techniques to measure employees awareness and obtain access
