Red Teaming is the process of testing your organisations security via any avenue possible. This emulates the approach used by real life attackers and is more advanced than a pre-planned penetration test.
We can conduct Red Teaming attack simulations on all areas of your organisation simultaneously, however a detailed scope will always be agreed in advanced to agree which areas are to be included and which areas or targets are strictly out of scope.
Red Teaming typically combines multiple attack methods such as phishing, social engineering and penetration testing where anything really goes. The main goal is to get access anyway possible.
Red Teaming allows highly skilled testers to replicate a real life malicious attack to demonstrate the level of damage that could be caused, but under safe and controlled conditions. It can provide your organisation a complete picture of the overall physical security, staff awareness and computer security without putting your organisation at risk. If vulnerabilities are found these can be rectified before an attack occurs.
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.
Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
Penetration testing usually aims to identify a large breadth of weaknesses that may be exploited, Red Teaming emulates the approach used by a real-life attacker which is often to find a weakness or set of weaknesses and exploit these fully, in depth, to demonstrate the level of damage that could be done.
Penetration tests often have a specific pre-defined scope and often access is provided, however Red Teaming tests are often much broader in scope and are performed from a black box (no knowledge) perspective.
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
|CREST Certifications||Certified Testers|
|Practitioner Security Analysts||Yes|
|Registered Penetration Testers||Yes|
|Certified Web Application Testers||Yes|
|Certified Infrastructure Testers||Yes|
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTL's) or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.
|CHECK Status||Certified Testers|
|CHECK Team Member (CTM)||Yes|
|CHECK Team Leader (CTL) - Infrastructure||Yes|
|CHECK Team Leader (CTL) - Applications||Yes|
Our CHECK status can be viewed on the below link:
It is recommended that Red Teaming assessments should be conducted annually to retest security procedures, staff awareness and staff changes.
Red Teaming assessments are bespoke depending on the goal or outcome you wish to achieve, therefore there is not an off-the-shelf price.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full testing report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed findings - A complete list of all issues identified
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.