The Red Team Assessment methodology at Risksols is an advanced adversary-simulation approach designed to test an organization’s overall security posture (people, processes, and technology) by emulating the tactics, techniques, and procedures (TTPs) of real-world threat actors. Unlike traditional penetration testing, which is often scoped to specific systems or vulnerabilities, Risksols’ red teaming focuses on achieving specific objectives such as data exfiltration, privilege escalation, or domain compromise, all while remaining undetected. The assessment is covert, goal-oriented, and tailored to challenge the effectiveness of the organization’s detection, prevention, and incident response capabilities.
The engagement begins with a comprehensive planning and rules-of-engagement phase. Here, Risksols collaborates with key stakeholders—typically at the executive or CISO level—to define high-value targets (known as “crown jewels”), establish acceptable testing parameters, and determine what level of awareness internal teams will have during the operation. This ensures that the assessment simulates a realistic, zero-notice attack without violating operational boundaries or business continuity.
Phase one of the Red Team operation is reconnaissance, where Risksols gathers intelligence on the target organization using Open Source Intelligence (OSINT), social engineering reconnaissance, and passive footprinting. This includes mapping the external infrastructure, identifying key personnel on social platforms, analyzing exposed metadata, and scanning for leaked credentials or assets. Information collected during this phase is used to craft customized attack vectors.
Next is the initial access phase, where Risksols attempts to breach the organization’s perimeter. Techniques may include spear-phishing emails with tailored payloads, malicious USB drops, exploitation of externally facing vulnerabilities, or social engineering tactics such as impersonation. Upon gaining a foothold, the Red Team moves into the post-exploitation and lateral movement phase, using advanced techniques such as credential harvesting, Kerberoasting, Pass-the-Hash, and Active Directory enumeration to pivot across the internal network.
We use several OSINT resources to gather data and intelligence on the target to develop a plan of attack. The information we collect in this stage is critical, and its accuracy determines how well the attack is planned. The information we try to acquire during reconnaissance includes:
In this phase, we use the intelligence we’ve gathered to map our strategy and plan the actual attack. The strategies and plans vary widely from organization to organization and are heavily dependent on several variables, but some of the steps we follow to prep for the actual attack are:
Once we’ve finalized the attack plan, we execute and begin systematically taking down the organization’s security checkpoints, compromising targets, and capturing flags as we go. The penetration may include:
Proper reporting and documentation of findings are crucial for any assessment. Di8it follows strict documentation standards and offers a customized, highly detailed report that outlines the scope of the engagement, how the attack was planned and executed, and the vulnerabilities discovered. We also provide remediation suggestions and steps to help bolster your security and plug the holes.