What is Pen Testing?
Penetration testing, also known as pen testing is a regulated attack on your network, digital infrastructure, and much more. Pen tests are performed by ethical hackers or a red team to find weaknesses, vulnerabilities, and test your current security defenses.
A standard pen test is better suited for companies who do not conduct regular assessments. CYBRI recommends performing both during your annual security program to test both aspects of your security posture.
What is Red Team Pen Testing
Red Team Pentesting is a more advanced assessment than a regular pen test and involves tactics not often employed during a pen test.
A red team engagement is recommended to be part of an existing annual program. The red team acts like a real adversary employing more technically skilled attacks that require manual tuning to go undetected, so loud vulnerability scans are often left out.
The attackers also craft or modify custom exploits during the test to increase the likelihood of success.
Pen Testing | Red Team |
Vulnerability Scanning | Quiet Fingerprinting |
Automated Exploitation | More manual/custom exploits |
Focused on finding vulnerabilities | Focused on testing the defenses |
Blue Team helps the testers | Blue team tries to stop the testers |
The red team aims to dive deeper into the testing to really find the true extent of vulnerabilities by leveraging specialized exploits, as well as test the potential for data exfiltration. Depending on the needs of the project, they will also utilize a stealthier approach and also incorporate social engineering. The aim is to truly test how a company responds to a real attacker. Some tests actively involve the client trying to detect the attacker and cut them off when discovered to test the in-house blue team’s skills.
The Red team aims to test:
- Are threat detection systems working and configured properly?
- The ability for the Blue Team to respond
- Exfiltration and data loss prevention controls
- Business logic flaws that may allow for compromise
CYBRI Red Team
Our red team consists of the nation’s top ethical hackers, who can build exploits, evade detection, and really find all weaknesses.
What CYBRI’s Red Team Tests:
- Web & Mobile Applications
- Network & Infrastructure
- Application Security
- API
- Servers & Hosts
To reach out to learn more about our Red Team Pen Testing, please fill out the form below. We look forward to hearing from you.