
Dr. Antje Winkler
Red Teaming
Every company’s IT environment and security measures are unique. Therefore, attackers need to adapt accordingly, tailoring their cyber attacks to fit each specific organization. The following diagram provides an overview of various kinds of attacks – both from outside and within the company.
We offer various scenarios that reflect these attacker tactics. Each scenario sets the starting point for the campaign and outlines the methods the simulated attacker will use to infiltrate your corporate network:
This scenario assumes that an attacker has already gained access to internal IT systems or that an internal perpetrator is misusing their existing access. To simulate this scenario, you provide us with an internal point of access. Based on this, our red team will assess how such an attacker could expand their existing access rights and compromise further systems.
Examples:
With this approach, we take on the role of an attacker conducting cyber attacks over the internet. Using various information gathering techniques, we identify vulnerabilities in the external perimeter and attempt to exploit them to infiltrate the corporate network.
Examples:
We act like an attacker who tries to bypass the physical perimeter protection through targeted deception and install a prepared device on the company’s premises. The goal is to overcome on-site security measures and covertly gain access to the company network (e.g., by planting a mini-PC).
Examples:
The objective of the red teaming campaign is to simulate the impact a cyber attack would have on the customer’s company under real-world conditions. To minimize potential effects on business processes and IT systems, close coordination between all parties involved is of high importance.
The following parties from both the client and the contractor are involved in the execution of the campaign:
The detailed vulnerabilities and pathways through which an attacker can infiltrate the company or advance further within the network are highly dependent on the specific organization. The overall process of the red teaming campaign can be divided into the following stages:
The individual stages are described in detail below:
During the reconnaissance phase, information about the target company is gathered. This information is obtained from publicly available sources through Open-Source Intelligence (OSINT) techniques.
The aim is to obtain an overview of the situation and identify possible attack paths, which are essential for subsequent phases of the red teaming campaign.
The post-exploitation phase is the core phase of the campaign and includes several recurring steps:
The achievement of the campaign’s objectives is demonstrated to the White Team through jointly defined actions, such as:
There are many established methodologies and frameworks that guide a red teaming campaign, ensuring that the results are consistent and compliant with regulations such as the Digital Operational Resilience Act (DORA) or NIS-2.
Dr. Antje Winkler
Social Engineering
Social engineering focuses on exploiting human factors, aiming to entice employees in their respective roles to disclose sensitive information or to carry out certain actions. Starting from a successful compromise, the objective is to infiltrate the company’s infrastructure.
In addition to email phishing, alternative communication channels such as messaging services or social media are possible.
Example: