The Red Team Test simulates an attempt to compromise the customer’s network, thereby testing their defensive capabilities against a motivated attacker in a realistic scenario.
Within a scope defined in collaboration with the customer, an attempt is made to compromise the network and escalate privileges as far as possible.
- Scoping – the methodology, limitations, goals and any information needed about the organisation’s infrastructure are established. Please note that Danish Cyber Defence does not include physical social engineering of any kind in the scope of a Red Team Test.
- Test execution – Progress is shared with the customer’s contact point as the test is executed, and the process is steered based on feedback from the customer. To limit the risk of interfering with production systems, no potentially disruptive actions are taken without the approval of the customer.
- Reporting – In a workshop with the relevant stakeholders, the defensive team’s experiences are correlated with the attack timeline. Based on this, a presentation is given on the key learning points from the exercise.
Requirements vary depending on the scope of the test. The customer’s contact point should set aside some time every week for status reports.
A Red Team Test should be performed once a year, after the defensive team’s capabilities have reached a maturity level where this exercise is beneficial. For this exercise to be beneficial, a SOC or similar with experienced staff should be in place.