Red Team
Testing

Can hackers penetrate your network and gain access to your sensitive data or impact operations? Find out with a red team test. A highly skilled team of experienced penetration testers are given creative freedom to “think like hackers” and see how far they can go in your network. The red team will have customized goals, and use a combination of attack techniques to not only penetrate your network, but also identify and exploit vulnerabilities in your people, processes, facilities and technology to capture their target data.

THE GOALS OF YOUR RED TEAM SECURITY TESTS MAY INCLUDE:

Discover how security weaknesses can be leveraged to gain unauthorized access to information resources.

Determine the effectiveness of novel attacks or combined techniques (such as phishing combined with penetration testing).

Identify key vulnerabilities that can realistically be exploited by hackers and provide recommendations.

Here’s how LMG’s red teaming works in 4 steps:

Step 1: Determine the Rules for the Road

To begin, LMG will work with your team to establish the “rules for the road” and unique goals for your assessment. You can decide:

  • Scope of the testing – determine permitted and prohibited facilities and attack vectors
  • Testing targets – we work with you to create a series of “flags” that may mimic PII,
    customer information, intellectual property, etc. that serve as the targets for the attack team
  • Actions we should take upon intrusion
  • Which of your organization’s team members will be aware of the test
  • When and how often you would like to be notified of tests
  • How aggressive we should be in our different types of testing

Step 2: Initial Reconnaissance

We will conduct initial reconnaissance and present your team with an attack plan (if desired). The initial reconnaissance phase may include:

  • Port scans
  • Social media scrapes
  • Researching your organization’s online presence
  • Email harvesting
  • Physical facility mapping and remote examination
  • And other activities…

Step 3: Conducting the Attack

Our experienced testers follow the “intrusion kill chain” model. They are given creative freedom to “think like hackers” and select from a variety of attack vectors (selected from within your guidelines if you require restrictions). Upon obtaining access to the target flags, LMG’s testers will take previously agreed upon actions that can include: capturing images of the flags, exfiltrating data, attempting to bypass data loss prevention controls to exfiltrate data, and more.

Step 4: Results Analysis and Reporting

After the red team testing activities, we analyze the results and deliver detailed reports that help you strengthen your security posture. Our reports include:

  • Executive summary
  • Narrative of red team test process and findings
  • Detailed technical results
  • Top risks
  • Remediation matrix
  • Automated vulnerability scanner results and other raw data collected during the
    assessment
  • Presentation of results (60-90 minutes), for your chosen audience (optional, if desired)

For more detailed information on red team testing, please contact us.