PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Red Teaming

Red Teaming has overlap with penetration testing and application security testing, but in addition to testing the technical mitigation aspects of your security stance, it also tests the humans and detection capabilities in your organization.

Red teaming activities range from stealthy recon and penetration of your defenses, to working directly with your blue team/SOC. Red teaming falls into two categories: Adversary Simulation and Technique Simulation.

Schedule a Consultation

Adversary Simulation

This form of red teaming is an objective-driven, stealthy, adversarial simulation which attempts to actively circumvent security controls by carrying out exploits and attack vectors that take advantage of a series of discovered vulnerabilities and/or weaknesses in technical controls, human behavior, process and detection gaps, etc. The red team operation often takes output found during the pentest and/or app testing portion of the engagement, physical attacks and/or social engineering, exploits them, then moves as deep into the network as possible, just like an adversary would.

The objective(s) can include comprising high-value workstations and servers in your network with a persistent backdoor/RAT, gaining access to and exfiltrating your most valuable data, getting domain admin, gaining write access to source code repos, etc. An overarching goal to the specific goal(s) set forth is to avoid getting caught/seen/detected. Once the objective(s) is achieved, assuming we are not caught in the act, we will “get noisy” so your incident responders will see us. This gives them the opportunity to practice the incident response process, including discovery, containment, eradication and recovery.

Adversary Simulation is largely centered around current attacker techniques and campaigns, but also includes the usage of PTESNIST SP 800-115, and OSSTMM testing guides and our internal/proprietary methodologies.
View Sample Report

Technique Simulation

The second category we put red teaming activities into is Technique Simulation, sometimes referred to as “purple teaming." This type of red teaming gives the best ROI of any security testing service. During this testing, we work closely with your blue team staff while launching individual attacker techniques. We monitor the activities to ensure they are mitigated and/or detected, and if not, help your blue team build the needed capability to do so. This cycle repeats numerous times to cover as many techniques as the engagement scope allows.

Parts of this testing use automated processes, while other techniques require manual methodologies. As such, it is common to run the automated processes first and then perform as many of the manual techniques as the engagement scope allows.

Technique Simulation and the techniques tested are largely centered around the MITRE ATT&CK framework.

Sample Pricing

Because our Red Teaming services are highly tailored to each client engagement, it is not possible to give sample pricing.  The following are some of the key criteria in determining the costs for Adversary Simulation:

  • Small: No dedicated SOC, minimal technical control – basic level engagement
  • Medium: Basic out-of-the-box security controls, basic security staff – intermediate level engagement
  • Large: Multi-layered, out-of-the-box security controls, SOC – advanced level engagement
  • xLarge: Custom security controls, advanced SOC – nation-state level engagement

Add-On Services

In order to keep our testing prices low, we’ve removed certain services that not every client requests. Under our Cybersecurity Unlimited Retainer (included with all of our contracts) you can add on the following services as needed. Please reference the Cybersecurity Unlimited Retainer page for pricing details.

Post-Testing Briefings
Executive Level and/or Technical Level
Micro: ~1.5 hours, Small: ~2 hours, Medium: ~2.5 hours, Large: ~3 hours, xLarge: 3+ hours
Remediation Testing
Micro: ~2.5 hours, Small: ~3 hours, Medium: ~3.5 hours, Large: ~4 hours, xLarge: 4+ hours
Assist Technical Support Staff with Mitigations
Hours vary depending on your needs
Assist SOC Staff in Building Detections
Hours vary depending on your needs
On-Site Supplemental Testing and/or Visits
See Cybersecurity Unlimited Retainer page for pricing details
DISCLAIMER: Sample pricing listed is not actual pricing. These dollar amounts are estimates based on the number of hours required for engagements of similar size and assumes white box testing and at least a 60-day lead time. They are provided to give you a ballpark idea of the cost for the service. The total cost will be based on the estimated number of hours needed to perform the requested service and our hourly rate. Black box testing, specific complexities, and other non-standard situations will increase costs. Additionally, sample pricing does not include travel or other non-standard expenses (specialized equipment, materials, etc.). Final pricing is determined during the no-obligation scoping phase (before testing starts).