Information security doesn’t only apply to an organization’s networks or devices, but also to the organization’s personnel and physical attack vectors. Red teaming is a simulated hacking attack in which the target is attacked like a real hostile entity would attack.
In principle, a red teaming project applies a wide scope of different attack vectors, but the overall entity is always agreed separately with the customer.
For example, a project may include the following activities:
- Mapping and inquiry of services and information
- Phishing
- Social hacking
- Physical attack vectors (Client premises, USB sticks, network-connected devices)
- Large-scale penetration testing
Once the sectors have been selected, a plan is prepared for the implementation of the project. Technical attacks can be carried out either as discreetly as possible or in an undisguised manner. Any measures on personnel will be carried out as subtly as possible in order to avoid any negative perceptions about the testing.
The attack is primarily targeted at the entire organization and its processes, and aims to identify potential vulnerabilities that allow an attacker to gain access to the most critical information or system possible.