Red Team Attacks

Red Team Attacks or threat-led penetration tests (TLPT), are targeted and complex assessments that aim to simulate the behaviour of an external adversary against your organization and compromise critical assets. It differs significantly from a formal penetration test as it usually has a longer duration, the attack activities are not communicated and attack persistence is in scope.

Usually for mature technical and security teams, in organizations who treat security as a top priority, Red Team Attacks help you discover vulnerabilities in the following locations:

  • Networks
  • Applications
  • Devices
  • Personnel
  • Monitoring & Alerting operations
  • Incident Response
  • Corporate Security Policies


1. Scoping

As in a formal penetration test, during this phase a "Rules of Engagement" agreement is defined, including:

  • Flag or goals to compromise during the attacks
  • Which assets of the organization are to be tested and which are excluded
  • Allowed types of attacks
  • Testing period and timezones
  • Means of communication
  • Out-of-Jail agreement in case on-site operations are needed


2. Information Gathering

Black-box, passive OSINT (Open Source Intelligence) techniques are used in combination with neutral observation actions in order to collect as much information as possible regarding the targets to be tested. The more the information, the most attack vectors can be crafted. The intelligence gathered can be of the following types:

  • External IP blocks and relation to hosting providers
  • Company locations
  • Staff and key personnel
  • Domains and subdomains
  • Leaked credentials
  • Public IoT systems
  • Misconfigured DNS & web servers leaking information

3. Vectoring

A plethora of automated tools and manual scanning methods is utilized in order to discover possible entry points and attack vectors. The results will be used as a springboard for implementing exploitation attempts:

  • Directories/subdomains & application enumeration
  • Cloud services analysis
  • WiFi analysis
  • Authentication mechanisms analysis
  • Mapping applications to internal & external networks
  • Crafting attack vectors based on findings & vulnerabilities


4. Attacking

Based on the findings of the previous steps, proper attack vectors are designed and executed in order to exploit the detected vulnerabilities/flaws and penetrate into the application. The types of attacks can be:

  • Attacking services with previously mapped vulnerabilities
  • Usage of breached/brute-forced credentials
  • Personnel targeting via various social engineering techniques
  • Combined attack vectors

5. Reporting

Reports are a crucial step in a penetration testing engagement as the cornerstone deliverable which provide meaningful insights regarding the security posture of your organization, along with remediation recommendation for each detected risk. Our reports are built upon the following elements:

  • Executive summary for the management board, C-level executives
  • Intelligence report for mid-level roles
  • Detailed Technical report regarding the findings
  • Prioritized risk-based reporting
  • Traceability steps for each finding (traceID ™)
  • Security readiness badge (SpearBadge ™)
  • Remediation recommendations

Are your defenses mature & your personnel security-ready?

Find Out!

Latest News

Ukrainian NBU BankID System preparing for EU recognition

SpearIT is pleased to announce that has undertaken the preliminary conformity assessment of Ukraine's BankID national electronic identification scheme, ...

Read More

Cypriot National eID becomes notified

SpearIT is pleased to announce that the electronic identification (eID) scheme of Cyprus has now been notified as LoA High...

Read More

Cypriot National eID becomes pre-notified

SpearIT is pleased to announce that the first Cypriot electronic identification (eID) scheme has now been pre-notified in the eIDAS Cooperation Network...

Read More