Red Team as a Service

A Red Team is a safe, simulated attack designed to reflect and mimic the actions and steps taken by a real-life attacker or specific threat actor who is targeting your organisation.

Red Team as a Service is offered as an ongoing subscription that uses cutting-edge intrusion techniques and practices, ethically, to support your organisation in identifying and preventing ever-evolving cyber threats.

Advanced attack resilience

Securely placing your organisation in a stronger position to prepare, detect, deter and recover from a real-world attack, should you be targeted.

Holistic view of deployed security

Knowledge of your organisation’s full aggregated security posture provides real-life results in the event of an attack, compared to projects in isolation or siloed testing.

Review effectiveness of incident response mechanisms

Testing will expose and assess internal response mechanisms and ‘actions upon’ in the case of any detection of the attack.

Continuous improvement

Output from any simulated attack can help improve internal business and user awareness, with output able to be utilised in internal training programmes, and where relevant, support compliance requirements.

Testing security procedures and practices

Providing evidence of what policies and procedures failed or indeed protected the organisation during the attack lifecycle.

Full range of cutting-edge hacker techniques

Rootshell Security will work with you, professionally and ethically, to determine your organisation’s resilience to an attack.

Phase 1: Reconnaissance

Typically focusing on open source intelligence (OSINT), we will attempt to identify targets for the attack, methods of delivery, compromise and any other information relevant to the assessments.

Our experienced consultants will provide monthly or quarterly OSINT reports, which will also provide options for the execution of Phase 2. We will work with you throughout the lifecycle of the attack to ensure that the best scenarios are delivered.

Phase 2: Weaponisation and Delivery

During this phase, an agreed method, identified in Phase 1, will be designed and executed against the target/s. This could be phishing campaigns, SMiShing, physical ingress, etc.

While phishing attacks and social engineering remain the main focus, this service gives you flexibility to choose from different methods of delivery, including USB drop, physical device plant and physical ingress.

Phase 3: Exploitation, Installation; Command and Control

We will develop the initial foothold, mapping and enumerating the compromised target network, through to privilege escalation and exfiltration of nominated targeted data.

You will also be able to choose from different threat actors, including: an attacker on the inside, a disgruntled employee or an attacker that has physically gained access to your estate and has achieved a network foothold.

Once an attacker is on your network, the main plan of action would be to escalate privileges, move laterally across the network and establish persistence.

Phase 4: Continuous Reporting

We will deliver continuous reporting as each phase is executed, giving you full visibility of the assessment.

We will provide monthly threat intelligence reports that highlight any vulnerabilities or weak configurations, enabling us to formulate a security plan.
