Red Teaming
Red Teaming has overlap with penetration testing and application security testing, but in addition to testing the technical mitigation aspects of your security stance, it also tests the humans and detection capabilities in your organization.
Red teaming activities range from stealthy recon and penetration of your defenses, to working directly with your blue team/SOC. Red teaming falls into two categories: Adversary Simulation and Technique Simulation.
Adversary Simulation
This form of red teaming is an objective-driven, stealthy, adversarial simulation which attempts to actively circumvent security controls by carrying out exploits and attack vectors that take advantage of a series of discovered vulnerabilities and/or weaknesses in technical controls, human behavior, process and detection gaps, etc. The red team operation often takes output found during the pentest and/or app testing portion of the engagement, physical attacks and/or social engineering, exploits them, then moves as deep into the network as possible, just like an adversary would.
The objective(s) can include comprising high-value workstations and servers in your network with a persistent backdoor/RAT, gaining access to and exfiltrating your most valuable data, getting domain admin, gaining write access to source code repos, etc. An overarching goal to the specific goal(s) set forth is to avoid getting caught/seen/detected. Once the objective(s) is achieved, assuming we are not caught in the act, we will “get noisy” so your incident responders will see us. This gives them the opportunity to practice the incident response process, including discovery, containment, eradication and recovery.
Adversary Simulation is largely centered around current attacker techniques and campaigns, but also includes the usage of PTES, NIST SP 800-115, and OSSTMM testing guides and our internal/proprietary methodologies.
View Sample ReportThe objective(s) can include comprising high-value workstations and servers in your network with a persistent backdoor/RAT, gaining access to and exfiltrating your most valuable data, getting domain admin, gaining write access to source code repos, etc. An overarching goal to the specific goal(s) set forth is to avoid getting caught/seen/detected. Once the objective(s) is achieved, assuming we are not caught in the act, we will “get noisy” so your incident responders will see us. This gives them the opportunity to practice the incident response process, including discovery, containment, eradication and recovery.
Adversary Simulation is largely centered around current attacker techniques and campaigns, but also includes the usage of PTES, NIST SP 800-115, and OSSTMM testing guides and our internal/proprietary methodologies.
Technique Simulation
The second category we put red teaming activities into is Technique Simulation, sometimes referred to as “purple teaming." This type of red teaming gives the best ROI of any security testing service. During this testing, we work closely with your blue team staff while launching individual attacker techniques. We monitor the activities to ensure they are mitigated and/or detected, and if not, help your blue team build the needed capability to do so. This cycle repeats numerous times to cover as many techniques as the engagement scope allows.
Parts of this testing use automated processes, while other techniques require manual methodologies. As such, it is common to run the automated processes first and then perform as many of the manual techniques as the engagement scope allows.
Technique Simulation and the techniques tested are largely centered around the MITRE ATT&CK framework.
Parts of this testing use automated processes, while other techniques require manual methodologies. As such, it is common to run the automated processes first and then perform as many of the manual techniques as the engagement scope allows.
Technique Simulation and the techniques tested are largely centered around the MITRE ATT&CK framework.
Sample Pricing
Because our Red Teaming services are highly tailored to each client engagement, it is not possible to give sample pricing. The following are some of the key criteria in determining the costs for Adversary Simulation:
- Small: No dedicated SOC, minimal technical control – basic level engagement
- Medium: Basic out-of-the-box security controls, basic security staff – intermediate level engagement
- Large: Multi-layered, out-of-the-box security controls, SOC – advanced level engagement
- xLarge: Custom security controls, advanced SOC – nation-state level engagement
Add-On Services
In order to keep our testing prices low, we’ve removed certain services that not every client requests. You only pay for the following services you need.
Post-Testing Briefings
Executive Level and/or Technical Level
Micro: $400 each, Small: $550 each, Medium: $675 each, Large: $825 each, xLarge: varies
Remediation Testing
Micro: $700, Small: $825, Medium: $975, Large: $1,100, xLarge: varies
Assist Technical Support Staff with Mitigations
$1,100 per 5-hr block of consultant time
Assist SOC Staff in Building Detections
$1,100 per 5-hr block of consultant time
On-Site Supplemental Testing and/or Visits
Mileage fee of
$3 per mile from 78006
plus, $300-450 per day for most visits
DISCLAIMER: Sample pricing listed is not actual pricing. These dollar amounts are estimates based on the number of hours required for engagements of similar size and assumes white box testing and at least a 60-day lead time. They are provided to give you a ballpark idea of the cost for the service. The total cost will be based on the estimated number of hours needed to perform the requested service and our hourly rate. Black box testing, specific complexities, and other non-standard situations will increase costs. Additionally, sample pricing does not include travel or other non-standard expenses (specialized equipment, materials, etc.). Final pricing is determined during the no-obligation scoping phase (before testing starts).
DISCLAIMER: Other than Wireless Testing, all testing is remote-only unless otherwise noted. Sample prices and prices quoted are for remote-only and do not include travel. See the On-site Supplemental Testing add-on for more information.