Overview

Kroll’s Red Team Operations experts adopt a systematic approach to comprehensively test an organization’s threat detection and response capabilities.

1. Reconnaissance – quality intelligence is critical to the success of any red team test. Kroll’s ethical hackers utilize a variety of OSINT tools, techniques and resources to collect information that could be used to successfully compromise the target. This includes details about networks, employees and in use security systems.

2. Staging – once any vulnerabilities have been identified and a plan of attack formulated, the next stage of any engagement is staging. Staging involves setting up and concealing the infrastructure and resources needed to launch attacks. This can include setting up servers to perform Command & Control (C2) and social engineering activity.

3. Attack delivery – the attack delivery phase of a Red Team Operation involves compromising and obtaining a foothold on the target network. In the course of pursuing their objective, our ethical hackers may attempt to exploit discovered vulnerabilities, use bruteforce to crack weak employee passwords, and create fake email communications to launch phishing attacks and drop malicious payloads.

4. Internal compromise – once a foothold is obtained on the target network, the next phase of the engagement is focused on achieving the objective(s) of the Red Team Operation. Activities at this stage can include lateral movement across the network, privilege escalation and data extraction.

5. Reporting and analysis – following completion of the red team assessment, a comprehensive final report is prepared to help technical and non-technical personnel understand the success of the exercise, including an overview of vulnerabilities discovered, attack vectors used and recommendations about how to remediate and mitigate risks.