A red team assessment follows the full attack lifecycle carried out by sophisticated persistent attackers. FortyNorth Security is provided with little to no information at the beginning of the assessment, as a red team assessment is designed to emulate a real-world attack. A red team assessment is an objective driven test, where the goals are mutually agreed upon between FortyNorth Security and your organization prior to beginning the assessment.
A red team assessment begins with the establishment of external command and control (C2) servers. These servers are how FortyNorth issues commands to compromised systems within your organization. The external C2 infrastructure uses specific network communication protocols that attempt to evade detection by blue-team staff.
We review external systems for any immediate method of compromise; however, because modern attackers so frequently compromise companies via social engineering, FortyNorth will likely also perform a social engineering attack. We may perform e-mail or phone based social engineering to obtain an initial foothold within your organization.
After obtaining initial access, FortyNorth will look for means to escalate privileges and laterally propagate within your internal network. One of our goals will likely be to obtain domain administrative rights within your internal network.
FortyNorth will leverage the domain administrator rights, if needed, to complete the pre-determined objective(s) for the assessment. All activities described will be performed while attempting to minimize detection by blue-team staff. We use open-source, commercially purchased, and custom developed tools or scripts to assist in performing the red team assessment.
A red team assessment is the ideal service offering for organizations that have a mature security program and seek to test their defenses and incident response procedures against a determined adversary, without the risk of an actual breach. Red team assessments emulate determined attackers using a variety of mechanisms to breach your organization and access your sensitive data.