Red Teaming
Adversarial Attack Simulation, also known as Red Team, consists of conducting precision attacks against an organization in order to test the effectiveness and responsiveness of different parts of a security program.
Go beyond traditional penetration testing with our Red Team
Traditional Penetration Tests often exclude some avenues of attack and tactics that real adversaries are currently using.
Unlike traditional testing, an Adversarial Attack Simulation takes an integrated approach to assessing Information Security defenses by combining multiple testing strategies into a comprehensive offensive engagement with the sole objective of gaining access to customer assets.
Adversarial attack simulation can include:
- Spear Phishing
- Specialized Malware
- Open Source Reconnaissance
- Social Engineering
- Targeted Web Application Attacks
- Physical Security Attacks
- Wireless Attacks
With TrustedSec, you can:
- Improve your team’s organizational readiness
- Gauge current performance levels
- Improve training for defenders
- Increase end-user Information Security awareness
- Evaluate the effectiveness of your IT security defenses and controls
- Gain objective insight into vulnerabilities that may exist across your environment
“Having access to industry leaders right here at TrustedSec makes solving our clients' challenges easier.”Paul SemsManaging Director of Remediation Services
Paul Sems
Managing Director of Remediation ServicesPaul and his team work with clients to harden their environments against attacks and help them recover after security incidents.
Get real security guidance from real security experts.
Experts across security domains are ready to tackle your security challenges.
Read our blog
Explore the latest cybersecurity topics on the TrustedSec Security Blog
Spec-tac-ula Deserialization: Deploying Specula with .NET
Earlier this year, I gave a talk at Steelcon on .NET deserialization and how it can be used for Red Team ops. That talk focused on the theory of .NET…
Oops I UDL'd it Again
IntroductionPhishing. We all love phishing. This post is about a new phishing technique based on some legacy knowledge I had that can be used to get past email…
Execution Guardrails: No One Likes Unintentional Exposure
1.1 IntroductionA hopefully rare scenario that gives red teamers a mini heart-attack is a sudden check-in from a new agent: admin on ALICE-PC.If a blue teamer…
Specula - Turning Outlook Into a C2 With One Registry Change
There exist a few singular Registry changes that any non-privileged user can make that transform the Outlook email client into a beaconing C2 agent. Given that…
dirDevil: Hiding Code and Content Within Folder Structures
Welcome back to another round of "Hiding in Plain Sight," exploring weird places to stash data or payloads. In our last edition, we explored an easy method of…
Assumed Breach: The Evolution of Offensive Security Testing
The goal of this post is singular: inform you (innocent reader, client, or competitor) about how we at TrustedSec are attempting to meet specific industry…
JS-Tap Mark II: Now with C2 Shenanigans
JS-Tap is a tool intended to help red teams attack web applications. I recently blogged about the data collection capabilities in JS-Tap version 1.0, and data…
From Chaos to Clarity: Organizing Data With Structured Formats
1.1 IntroductionAbout a year ago, we introduced a logging utility into our internal tooling on the Targeted Operations team to standardize how we output…
From Error to Entry: Cracking the Code of Password-Spraying Tools
IntroductionFirst things first, all of the tools in this blog post are really great tools and I have used most of them. (Thanks to the authors of the tools to…
Clickjacking: Not Just for the Clicks
tl;dr versionYou can trick users into "typing" inputs in a clickjacking attack.YouTube demo: https://www.youtube.com/watch?v=VIEZ1aByFvUPoC GitHub Repo:…