Red Teaming Services
Adding to Fortis’ comprehensive range of consultancy-based penetration testing services we also offer more advanced security testing, called red teaming.
As with our standard engagement, each red teaming service is followed with a detailed technical report and a debrief presentation to ensure the issues documented are fully understood and the correct context of each finding has been agreed.
PENETRATION TESTING: ATTACKS
Red-teaming exercises are designed to establish a technical and cultural vulnerability baseline at a given point in time.
Full-spectrum red-teaming exercises are the where permission is given for nearly any tactics, techniques and procedures against any viable organisation-owned target where the only thing that isn’t permitted is a denial-of-service attack.
Typically, this type of exercise blends physical exploitation and social exploitation, with digital exploitation, in order to achieve the most extreme results.
Red team exercises are those where a threat actor profile is chosen and significant effort is deployed to simulate that attacker as closely to reality as possible.
The threat actor is likely to be a mid-tier threat actor such as an organised crime gang with a specific targeted nature rather than a lone actor or a crime gang performing widely-spread targeting.
The attacks can include digital, physical and technical:
Digital social engineering such as "Trawler Phishing" or "Whaling"
Physical social engineering such as Improvised Cyber Device (ICD) drops or pattern of life analysis
Physical attacks such as accessing offices via lock-picking, impersonation, etc.
Dumpster diving
Technical attacks via open source intelligence (OSINT) to exploiting vulnerabilities
FORTIS METHODOLOGY
The Fortis team has a wealth of experience in delivering meaningful red teaming services for our clients.
Methodologies can be difficult to define in advance for Red Teaming exercises. This is owing to the possible variation, the resources available and the simulations objectives.
The NCSC define the stages of a Cyber Attack:
The idea behind a Red Teaming exercise is that all of the above stages are completed, though the last stage – Affect – is almost always performed in a benign or reduced format.
Survey: "Investigating and analysing available information about the target in order to identify potential vulnerabilities"
Delivery: "Getting to the point in a system where a vulnerability can be exploited"
Breach: "Exploiting the vulnerability / vulnerabilities to gain some form of unauthorised access"
Affect: "Carrying out activities within a system that achieve the attacker's goal"
Commonly, these stages or a subset of these stages are performed in an iterative manner, in order to achieve the desired result.
Engagement periods for red team exercises vary in time and the most hardened of targets typically achieve results over many months of part-time activities.
The time period depends greatly on the context of the exercise and will often be difficult to estimate before reconnaissance is completed.
This is for multiple reasons: the exact set of tasks required are difficult to know in advance; there are often a lot of tasks to complete; some of those tasks take multiple days or weeks to completed; and arranging logistics and acquisition of personnel, facilities, third-party services, and other equipment.
This sort of work is not for the faint-hearted, but, it is the Gold Standard for understanding how well protected the organisation is from an aggressively targeted cyber attack.
A successful Red Teaming exercise will attempt to specify a goal or objective for the attackers to attempt to achieve.
Again, this objective can vary significantly, but typically it will be accessing, altering or stealing an asset.
A Red Team exercise with Fortis will inevitably test your people, your software, and your networks.
