Red Teaming
Adversarial Attack Simulation, also known as Red Team, consists of conducting precision attacks against an organization in order to test the effectiveness and responsiveness of different parts of a security program.
Go beyond traditional penetration testing with our Red Team
Traditional Penetration Tests often exclude some avenues of attack and tactics that real adversaries are currently using.
Unlike traditional testing, an Adversarial Attack Simulation takes an integrated approach to assessing Information Security defenses by combining multiple testing strategies into a comprehensive offensive engagement with the sole objective of gaining access to customer assets.
Adversarial attack simulation can include:
- Spear Phishing
- Specialized Malware
- Open Source Reconnaissance
- Social Engineering
- Targeted Web Application Attacks
- Physical Security Attacks
- Wireless Attacks
With TrustedSec, you can:
- Improve your team’s organizational readiness
- Gauge current performance levels
- Improve training for defenders
- Increase end-user Information Security awareness
- Evaluate the effectiveness of your IT security defenses and controls
- Gain objective insight into vulnerabilities that may exist across your environment
“Having access to industry leaders right here at TrustedSec makes solving our clients' challenges easier.”Paul SemsManaging Director of Remediation Services
Paul Sems
Managing Director of Remediation ServicesPaul and his team work with clients to harden their environments against attacks and help them recover after security incidents.
Get real security guidance from real security experts.
Experts across security domains are ready to tackle your security challenges.
Read our blog
Explore the latest cybersecurity topics on the TrustedSec Security Blog
Discovering a Deserialization Vulnerability in LINQPad
Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Spec-tac-ula Deserialization: Deploying Specula with .NET
Earlier this year, I gave a talk at Steelcon on .NET deserialization and how it can be used for Red Team ops. That talk focused on the theory of .NET…
Oops I UDL'd it Again
IntroductionPhishing. We all love phishing. This post is about a new phishing technique based on some legacy knowledge I had that can be used to get past email…
Execution Guardrails: No One Likes Unintentional Exposure
1.1 IntroductionA hopefully rare scenario that gives red teamers a mini heart-attack is a sudden check-in from a new agent: admin on ALICE-PC.If a blue teamer…
Specula - Turning Outlook Into a C2 With One Registry Change
There exist a few singular Registry changes that any non-privileged user can make that transform the Outlook email client into a beaconing C2 agent. Given that…
dirDevil: Hiding Code and Content Within Folder Structures
Welcome back to another round of "Hiding in Plain Sight," exploring weird places to stash data or payloads. In our last edition, we explored an easy method of…
Assumed Breach: The Evolution of Offensive Security Testing
The goal of this post is singular: inform you (innocent reader, client, or competitor) about how we at TrustedSec are attempting to meet specific industry…
JS-Tap Mark II: Now with C2 Shenanigans
JS-Tap is a tool intended to help red teams attack web applications. I recently blogged about the data collection capabilities in JS-Tap version 1.0, and data…
From Chaos to Clarity: Organizing Data With Structured Formats
1.1 IntroductionAbout a year ago, we introduced a logging utility into our internal tooling on the Targeted Operations team to standardize how we output…