Unlike Penetration Testing, Red Team campaigns focus on accessing rather than testing security controls and methods that you may not have anticipated.
While traditional Penetration testing is crucial to security it can be limited due to time and scope constraints. Red Teaming goes further by providing an adversary simulation service that recreates actual attack scenarios on available, and exposed attack surfaces.
A red team engagement initially involves off-site reconnaissance using public sources about the organisation prior to actively polling organisational targets. Targets could include physical worksites or offices and external internet exposed systems. Red teaming also simulates social engineering attacks like getting your employees to give up confidential information. The aim is to achieve an internal position within the corporate network. Once an internal position has been achieved, the campaign moves into solidifying persistence on the corporate network and extracting data without detection.
Rather than only just replicating the most likely attack methods, Red Teams will also try unlikely or custom exploits to bypass intrusion detection systems used by your organisation.