
Red Teaming

With red teaming we put all your security measures and your security team to the test. The aim is to simulate real-life attack scenarios in order to evaluate the efficiency and effectiveness of your security measures and monitoring, as well as the reaction of your employees and your security team, so that you can learn and improve.

You and our team define the concrete goals, scope and conditions for the test and design a form of red teaming that suits your needs, with a strong focus on the points that matter most to you for testing and/or training.

Red Teaming with Simulation of a Threat Actor

With traditional red teaming we identify the most relevant threat actors from your risk and threat intelligence analysis and simulate them in one or more red team scenarios. The MITRE ATT&CK framework is our basis for the standardised documentation and description of the planned activities.

Specialised Red Teaming Engagements

If you have already experienced specific security incidents, or you are well prepared for advanced standard scenarios, our most specialised red team engagements work through new and unknown scenarios to push your security team to its limits, because there is always something new to learn.
Because of their duration and complexity, these specialised assessments are carried out according to the TIBER-EU framework, which was developed specifically for complex red team assessments in the banking sector.

365 Red Teaming

If you want to stay up to date throughout the year, we suggest our 365 red teaming service. We monitor your systems 24/7 and either become active when new vulnerabilities become known or exercise your security measures regularly, every year, against newly discovered threat actors and scenarios.

Full-Scope Red Teaming

Red team engagements are not limited to IT systems. In full-scope red team engagements we simulate complete industrial espionage attacks spanning IT security, physical security and social engineering. This is the ultimate endurance test for all of your company's security measures, both in terms of detection capability and of applying appropriate countermeasures in an attack situation.

Event Recap: INSPIRE::CSO 2025

The first INSPIRE::CSO has ended and we are delighted with the positive and open feedback we received from the forty participants who attended this exclusive event on March 7, 2025, at the Andaz Vienn...


Event announcement INSPIRE::CSO on 7 March 2025

On 7 March 2025, we cordially invite you to be inspired by exciting, practical presentations and discussions for new projects and goals for the next year and beyond. An exclusive event in a private atm...


Interview with “Der Standard” on Ethical Hacking and Red Teaming

More and more companies are having their internal security systems as well as their physical and digital safety precautions tested. “Der Standard” reports on the process and why it is important. ...


References & Case Studies

Finance

Red Teaming Challenges


We performed a Red Team Assessment for a bank, which aimed to recreate realistic attack scenarios in order to gain access to the internal network without the company or its internal Blue Team detecting the attack.

To accomplish this, the first step was to gather information about the company from freely available sources (OSINT). As no valid passwords or vulnerable systems could be identified, the next step was to send phishing emails to selected employees. The company was well prepared: one phishing email was recognized and reported immediately. Another phishing email was not recognized and the employee did execute the payload, but the code execution was blocked because employees were not permitted to run new programs on their systems, which mitigated the attack.

For further analysis of the internal servers, internal tests were carried out from a notebook provided by the company. This revealed several vulnerabilities that could have been used to escalate privileges. The company was again well prepared and the Blue Team responded very quickly to the alerts it received. As the company was already well prepared, it was recommended to continuously harden the internal systems and to further strengthen security awareness among employees.

Finance

Red Teaming in the banking sector


We conducted a comprehensive red team assessment for a renowned bank, specifically aimed at identifying vulnerabilities related to technical phishing attacks. The goal was to test the bank’s phishing attack surface from the perspective of an employee and identify potential security gaps that could allow attackers to access confidential systems.

Besides other vulnerabilities, one stood out as the most critical: during an internal “assume breach” assessment, we discovered outdated system images on network shares that could be accessed by any domain user. These images contained credentials for an active domain admin account, posing a significant threat to the entire infrastructure.

This assessment highlighted the importance of conducting thorough and ongoing security evaluations. Critical vulnerabilities, such as old accessible system images, along with other identified risks, can provide attackers with access to confidential areas of the IT infrastructure and cause significant damage. Identifying and addressing such vulnerabilities early is crucial to ensuring the long-term security of IT systems.

IT Service

Assessment of a Database Management System


A database management system for buildings was examined for vulnerabilities on behalf of a large software company. A red team approach was used, so the blue team was not informed that a test was being carried out. The starting point for the test scenario was a stolen notebook.

Several vulnerabilities were identified during the test. Credentials were transmitted over an unencrypted connection to a high-numbered port. The applications running on the system were written in Java and were susceptible to deserialization vulnerabilities, which can lead to code execution. After consultation with the customer, code execution was not attempted, as it would have affected a production system. Cross-site scripting vulnerabilities, outdated software and privilege escalation vulnerabilities were also identified. The testers' actions did not trigger any alarms, so their activity (unfortunately) went unnoticed by the blue team.

It was recommended to use only encrypted connections, to apply patches and software updates that mitigate the deserialization vulnerabilities, to sanitize and encode all user input, and to further harden the system. In addition, it was recommended to sharpen alerting and detection on the notebooks.
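The deserialization finding above is the kind that patching alone does not always close, because the root cause is that the serialized stream, not the application, decides which classes get instantiated. The following is an added illustration (not code from the assessed system or from this page's authors) of the standard mitigation in the Java standard library, the `java.io.ObjectInputFilter` available since JDK 9: an allowlist naming only the type an endpoint expects, with everything else rejected before any constructor or `readObject` method of an unexpected class runs. The `BuildingRecord` class and the class name in the filter pattern are hypothetical stand-ins for an application's own data types, and the `HashMap` in the constructed input stands in for any class the endpoint was not designed to accept.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

// Added example: restricting Java deserialization with an ObjectInputFilter (JDK 9+).
// BuildingRecord is a hypothetical DTO standing in for the application's own types.
public class DeserializationFilterExample {

    public static final class BuildingRecord implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        BuildingRecord(String name) { this.name = name; }
    }

    // Vulnerable pattern: whatever class is named in the stream gets instantiated.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: allow the one expected type (and String, which it contains);
    // the trailing "!*" makes the filter deny-by-default, and the limits bound
    // nesting depth, back-reference count and total stream size.
    static final ObjectInputFilter ALLOW_ONLY_RECORD = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterExample$BuildingRecord;java.lang.String;!*;"
            + "maxdepth=5;maxrefs=50;maxbytes=4096");

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOW_ONLY_RECORD);
            return in.readObject(); // throws InvalidClassException if the filter rejects a class
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the expected DTO, and a HashMap standing in for any class
        // the endpoint was never meant to accept. The filter rejects it because it is not
        // on the allowlist, not because it knows anything about gadget chains.
        byte[] expected = serialize(new BuildingRecord("HQ"));
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("unfiltered accepts record:  " + (readUnfiltered(expected) instanceof BuildingRecord));
        System.out.println("unfiltered accepts HashMap: " + (readUnfiltered(unexpected) instanceof HashMap));
        System.out.println("filtered accepts record:    " + (readFiltered(expected) instanceof BuildingRecord));
        try {
            readFiltered(unexpected);
            System.out.println("filtered accepts HashMap:   true");
        } catch (InvalidClassException e) {
            System.out.println("filtered accepts HashMap:   false (" + e.getMessage() + ")");
        }
    }
}
```

The same pattern syntax can be applied process-wide with the `jdk.serialFilter` system property, which is the quicker fix for a production system whose source cannot be changed immediately; a per-stream filter as above is the better long-term choice because each endpoint can name exactly the types it needs. Either way, a rejection logs as an `InvalidClassException`, which is a useful signal to forward to the blue team's alerting.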