Red Team
A group of security experts that simulates real-world attacks against an organization to test defenses and identify weaknesses.
What is a Red Team?
A red team is a group of security professionals who simulate real-world adversaries to test an organization's defenses. Unlike penetration testing, red team exercises are broader in scope, testing not just technical controls but also people, processes, and physical security.
Red Team vs. Pentest
| Aspect | Pentest | Red Team |
|---|---|---|
| Scope | Defined systems | Organization-wide |
| Goal | Find vulnerabilities | Test detection/response |
| Duration | Days to weeks | Weeks to months |
| Stealth | Not prioritized | Critical |
| Rules | Clear boundaries | Fewer restrictions |
Red Team Objectives
- Simulate advanced persistent threats (APT)
- Test security team detection capabilities
- Evaluate incident response effectiveness
- Identify gaps in security controls
- Assess organizational resilience
Red Team Techniques
- Social engineering (phishing, pretexting)
- Physical intrusion attempts
- Network penetration
- Application exploitation
- Insider threat simulation
- Supply chain compromise
Red Team Exercise Output
- Attack narrative and timeline
- Techniques used (mapped to MITRE ATT&CK)
- Detection gaps identified
- Recommendations for improvement
- Blue team performance assessment