STAGES TEST RED TEAM
(RED TEAM)

Although the RED TEAM exercise is true, it simulates a realistic scenario, a series of stages are followed, to give structure to the project and support the subsequent processes of documentation and construction of reports, each of the stages entails a series of steps elaborated carefully with the aim of increasing the chances of success, some steps will be excluded from the tests depending on the scenarios and according to the evaluations carried out during the execution of the exercise, the following stages are followed globally:

  1. Búsqueda OSINT (Open Source Intelligence o Inteligencia de fuentes abiertas).
  2. Identification of technological assets: Urls, Applications, Servers, etc.
  3. Identification of Github repositories.
  4. Identification of company employees in social networks.
  5. Collection of metadata.
  6. Collection of corporate emails.

  1. Classification of relevant information.
  2. Inspection of code repositories in search of sensitive information.
  3. Classification of tastes and interests.
  4. Detection of exposed ports in Ips detected.
  5. Analysis of Vulnerabilities on identified infrastructures.
  6. Identification of implemented web-level architectures or solutions.

  1. Purchase of domains for impersonation.
  2. Impersonation of critical urls detected.
  3. Construction of phishing templates.
  4. Construction of dictionaries, for attacks on detected authenticated services.
  5. Malware Construction (Harmless).
  6. Construction of decoy material for social networks.

  1. Partial sending of phishing campaigns to emails.
  2. Partial shipments of camouflaged malware, with email spoofing.
  3. Adding users to social networks.
  4. Dictionary attacks on authenticated services.
  5. Validation of exploitation of vulnerabilities detected in infrastructures.
  6. Validation of security flaws in mobile applications.
  7. Validation of failures in URLS, Ethical Hacking.
  8. Vishing (fraudulent calls).
  9. Sending “gifts” with malware.

  1. Recolección de evidencias.
  2. Dismantling of impersonated pages, phishing, domains, etc.
  3. Documentation.
  4. Report generation.
  5. Socialization.
  6. Secure deletion of information.

Many companies are interested in evaluating at a global level the state of computer and information security of their assets and resources, when thinking about it it is very common to request services such as Ethical Hacking to infrastructure, applications, perhaps vulnerability analysis and in some cases social engineering tests. However, such services would somewhat fall short given their nature; Understanding that in Ethical Hacking exercises, they are typically carried out in controlled environments, at established times and in constant communication with the technical area of the audited company, in addition to this, reduced times are established for the execution of the tests.

In a realistic scenario in which a cybercriminal seeks by all means to cause direct damage to the organization, be it by affecting the availability of critical services, obtaining confidential information, modifying information or managing to take control of servers or assets, several advantages: there would be no apparent time limit, it would take advantage of the anonymity and surprise factor, it would not be limited to applications or servers, it would probably use phishing techniques, malware, among others.

If an organization really wants to obtain a realistic overview of the state of computer security and the information of its assets and resources, we recommend carrying out Red Team exercises.

The red team tests (RED TEAM) They seek to better simulate a real attack scenario by a team of “cybercriminals” with the focus on using various techniques with the aim of directly affecting the confidentiality, integrity and availability of information, not limited to analyzing and/or attacking a specific application or server.

If you are interested in our due diligence services, fill out the form and one of our auditors will contact you as soon as possible to promptly listen to your requirements and help you size a proposal according to your specific needs.

Our clients