Red Teaming: Our Lessons Learned
Red Teaming puts your incident detection and response capabilities to the test by targeting your physical and technical infrastructure and your employees. Our Red Team identifies your sensitive assets and targets them through compromise scenarios over an extended period and scope.
Retrieval of sensitive data (financial, Executive Committee, HR) from an insurance group
Trophies retrieved: financial, Executive Committee and HR data
Method: social engineering
Duration: 1 month
Detection methods at the customer's premises:
- No SOC at the client's site
- The antivirus solution for emails was bypassed
Red Teaming mission sequence:
- Discovering employee profiles on Facebook and LinkedIn
- Identification of potential targets (HR…)
- Sending a spear phishing email to the targets
- Retrieving the targets' login credentials
- Takeover of the victims' workstations
- Retrieval of financial, Executive Committee and HR data
Retrieval of product recipes from a company in the agri-food sector
Trophies collected: recipes for food products
Method: intrusion into the information system
Duration: 2 and a half months
Detection methods at the customer's premises:
- Our team managed to fly under the client's SOC radar.
Red Teaming mission sequence:
- Identification of a vulnerable web application within the company
- Exploiting vulnerabilities and gaining access to the server
- Server privilege escalation
- Pivoting onto the company's internal network
- Compromise of high-privilege accounts
- Recipe retrieval and exfiltration
Takeover of the production chain control of an automobile manufacturer
Trophies collected: production line
Method: physical intrusion into the client's premises
Duration: 5 months
Detection methods at the customer's premises:
- The client has a CERT that detected the use of malicious code
- Our team nevertheless maintained access points within the company, which enabled it to carry out its mission.
Red Teaming mission sequence:
- Retrieving and cloning a company visitor badge
- Social engineering attack by our Red Team posing as building employees
- Physical intrusion by our Red Team into the company premises using the cloned badge
- Insertion of remotely controllable equipment onto the network and deployment of agents (computer programs) allowing remote control of accessible equipment
- Information system privilege escalation
- Takeover of the production chain
If you would like to learn more about our Red Teaming offer, please feel free to consult our article, or contact our team directly: [email protected]
