Red Team is a comprehensive service that includes immediate and infrastructure penetration testing, testing of various defenses and network devices (such as Wi-Fi), and social engineering testing: phishing emails, calls, physical intrusions and more. The term Red Team comes from the military environment and defines a “friendly” attacking team. Its counterpart is the team of defenders, the Blue Team.

The difference between Red Team operations and a classic pentest is primarily in the rules of engagement and the bias of the protected party. Classic pentests also often use “white lists” and are limited by the time allotted for the work and by the level of interaction with the system. Red Team operations have practically no restrictions, and a real attack on the infrastructure is carried out: from an attack on the external perimeter, to an attempt at physical access, to “hard” social engineering techniques (not just recording that a link was clicked, but, for example, a full-fledged reverse shell). The Red Team approach most closely resembles a targeted attack, an APT (Advanced Persistent Threat).

The Red Team should consist of experienced professionals with rich experience both in building IT/IS (information security) infrastructure and in compromising systems. A Red Team operation is very similar to a military operation: possible targets or objects of attack and zones of responsibility are determined, and all scenario development options and team members are analyzed. Often, the Red Team can include an insider who transfers internal company data or performs support functions.

Red Team is an attempt to gain access to the system (get hold of information) by any means, including penetration testing; physical access; testing of communication lines, wireless and radio frequency systems; and employee testing using social engineering scenarios. The concept of Red Team operations allows you to conduct penetration testing as realistically, as quickly and with as high a quality as possible.