Red Team Assessments

A multi-faceted, full-scope attack simulated
against software, hardware, people, and facilities.

Obtain a comprehensive, realistic view of your business’ vulnerabilities and the level of associated risk.

Red Team Assessments:
A Comprehensive Attack Simulation

A Red Team Assessment is a multi-blended and comprehensive attack that involves several facets of physical penetration testing, social engineering, application penetration testing, as well as internal and external network penetration testing. The goal of a Red Team Assessment is to reveal real-world opportunities for malicious hackers, or just malicious employees and bad actors, to be able to compromise all aspects of your organization. With a Red Team Assessment, you gain a full-scope understanding of how an attacker might gain unauthorized virtual and/or physical access to sensitive information leading up to data breaches and full system/network compromise.

Identify Vulnerabilities and Determine Level of Risk

With a MainNerve Red Team Assessment, your company will gain a realistic understanding of how well your networks, applications, people, and physical security controls can withstand an attack from a real-life hacker. All of our Red Team Assessments are carried out by our highly-trained security engineers (NSA Red Team experience) in an effort to: (1) Identify physical, hardware, software, and human vulnerabilities; (2) Obtain a more realistic understanding of risk for your organization; and (3) Help provide remediation recommendations for all identified security weaknesses.

Test your business against multiple attack vectors:

Technology

Networks
Applications
Routers
Switches
Appliances
And more…

People

Staff
Independent Contractors
Departments
Business Partners
And more…

Physical

Offices
Warehouses
Substations
Data Centers
Buildings
And more…

THE MAINNERVE PROCESS

MainNerve Red Team Assessments are designed to provide businesses with a truly holistic view of their security posture. With a red team assessment, a full-scope, multi-layered attack simulation is performed in order to measure how resilient your people, networks, applications and/or physical security controls are to an attack from a real-life adversary. Concluding the red team security assessment, MainNerve will provide a comprehensive final report that details all the findings of the test.

Computer chip

Planning

The planning phase of Red Team Assessment process includes establishing Rules of Engagement, communicating about on- and off-limit IPs, staff members, facilities, applications, and more (Scoping), and the overall timeline of the Red Team Assessment. During this phase, we work with your team to determine the objectives that represent key risk areas that are critical to your business. The intent is to determine the likelihood of these risks occurring. Once the objectives have been agreed upon, and the planning phase concluded, the MainNerve red team starts conducting its test.

Computer chip

DISCOVERY

During the discovery phase, MainNerve will perform extensive enumeration in order to identify possible entry points into the tested systems. The MainNerve red team penetration testers actively query specific systems to gather as much information as possible. For example, during a network test, this can be the standard portscan, directly querying single services, or the identification of the tested systems’ individual security weaknesses. The team will also seek to discovery any physical security vulnerabilities/weaknesses. For example, the team will seek to identify publicly accessible areas (that shouldn’t be), radio links between buildings, rogue access points, access control systems, and more.

Computer chip

EXPLOITATION

The third phase of the red team assessment, exploitation, is where the MainNerve red team penetration testers attempt to actively exploit security weaknesses. MainNerve will use ethical hacking techniques to penetrate any vulnerable systems with the goal of compromising a system and manifesting on that system. Once a designated system is successfully compromised, it becomes increasingly possible to exploit further systems. Throughout the exploitation phase, MainNerve will employ a “target of opportunity” approach for exploiting vulnerabilities and accessing sensitive information. The overall goal of the test is to establish a persistent presence on any identified systems, to exploit the trusts of related systems, and to test response to various attack vectors.

Computer chip

Reporting & Analysis

At MainNerve, we consider the final phase of the red team assessment process, reporting, to be the most crucial and instrumental step. During this phase, we take great care to ensure we effectively communicate the value of our service and findings as thoroughly as possible. Our main goal is to ensure that all information from the red team assessment is clearly understood and that a roadmap toward remediation/mitigation is well defined. A comprehensive final report detailing all testing information along with an executive summary is securely delivered during this step.

WANT TO LEARN MORE?

MORE INFORMATION

More About Red Team Assessments

 

Overview

Red Team Assessments are multi-faceted, adversarial-based attacks simulated against people, software, hardware, and facilities—performed simultaneously. Red Team Assessments involve several facets of social engineering, physical penetration testing, application penetration testing, and network penetration testing.

When performing Red Team Assessments, MainNerve has no knowledge of your systems and networks prior to testing. In addition, our Red Team Assessments are 99% human-driven. The objective of a Red Team Assessment is to obtain a hyper-realistic level of risk and vulnerabilities against your Technology, People, and Physical Facilities.

Red Team Assessments are considered a full-scope security and vulnerability assessment that combines multiple services to provide a complete view of an organization’s security posture. This type of test is a comprehensive attack simulation carried out by our highly-trained security technicians. A Red Team Assessment includes:

  • Network Penetration Testing
  • Physical Security Assessments
  • Social Engineering Testing
  • Web Application Penetration Testing*
  • WIFI Penetration Testing*

 

Benefits

A Red Team Assessment provides a number of benefits:

  • Identify physical, hardware, software, and human vulnerabilities
  • Obtain a realistic understanding of risk and vulnerabilities for your organization
  • Assist with addressing and fixing all identified security weaknesses
  • The most thorough and holistic level of cybersecurity testing
  • Test the readiness of an organization by measuring reaction under simulated attacks or breaches
  • Identify weaknesses in security policies, practices, and procedures
  • Help in developing a relevant and complete security program

 

Approach

MainNerve Red Team Assessments utilize a comprehensive, combined approach of social engineering, physical security, and cybersecurity assessments. Through the blending of these three services, you get a comprehensive look at your security posture through the testing of your people, infrastructure, policies and procedures, networks, systems, and hosts. Our approach is based on the NIST SP 800-115 and 14, Technical Guide to Information and Security Assessment; as well as NIST 800-53A, Guide for Assessing the Security Controls for Federal Information Systems; NIST SP 800-19, Developing Security Plans; and DoD 5200 08-R, Physical Security Program, in order to ensure a comprehensive assessment. Through the use of open source intelligence, dumpster diving, ethical physical penetration of your facility… we perform a full-scale attack simulation on your organization to assist with comprehensively securing your business.

Note: Our Physical Security Assessments are conducted by highly-credentialed personnel with law enforcement or special operations backgrounds. They only work with the latest techniques and technologies to ethically test and assess the status of the physical security safeguards in place.

 

Methodology

MainNerve performs Red Team Assessments using the methods detailed in NIST SP 800-115 and 14, Technical Guide to Information Security Testing and Assessment. In order to ensure a comprehensive assessment of your overall security posture, we leverage industry-standard frameworks as a foundation for carrying out each of our tests—network penetration testing, social engineering, and physical penetration testing. Our methodology includes specific phases with continual reporting throughout the entire process.

 

Phases

  • Active Reconnaissance
  • Attempt to Compromise (exploitation of vulnerabilities)
  • Lateral Movement (establish foothold/diversify access)
  • Infiltration of Restricted Areas (domain controller, credentials, etc.)
  • Reconnaissance
  • Looting (package and ethically “steal” data)
  • Reporting and Analysis

 

Deliverables

At MainNerve, the Reporting/Delivery phase of our Red Team Assessment process is one we are incredibly proud of. We strive to effectively communicate the value of our service and findings—and provide you with the information you need to fix any identified vulnerabilities. A Red Team Assessment Final Report with MainNerve Includes:

  • Statement of Scope
  • Statement of Methodology
  • Limitations (if applicable)
  • Testing Narrative
  • Findings
  • Tools and uses
  • Remediation Recommendations
  • Risk Rating
  • Executive Report and Presentation**

 

FAQs

Why should I conduct a red team assessment?

A Red Team Assessment is a multi-blended attack that is simulated from the perspective of a malicious hacker or group of hackers. The objective is to realistically simulate a virtual and/or physical security attack with the goal of uncovering security vulnerabilities that might otherwise be exploited by bad actors. Through the Red Team Assessment process, you gain valuable insight into the overall security posture of your assets—giving you the ability to fix them before hackers are able to cause serious damage.

How long does it take to conduct a red team assessment?

The overall time it takes to conduct a Red Team Assessment depends entirely on the size and complexity of the project assets. This includes physical locations, staff, infrastructure, and more. That being said, most Red Team Assessments take anywhere from two to eight weeks from start to finish.

How much does a red team assessment cost?

Unfortunately, this question is not simple to answer until some level of scoping has been performed. Put simply, the number of locations and objectives will ultimately determine the cost. For example, when determining scope of work, we take into account the following: web applications, networks, number of staff members and target locations, goals, travel from locations, timeframe, and more.

 

OUR CERTIFICATIONS

At MainNerve, we are truly blessed with a talented team of cybersecurity experts and professionals. Our team comes from a background of protecting some of this nation’s most valued assets and have some of the most prestigious certifications the cybersecurity industry has to offer. And we bring that experience to the commercial world… If you’re looking for quality and affordable cybersecurity… the MainNerve cybersecurity team is the team to work with.

cisa cert
CEH cert
CISP cert
CTT cert
NET cert
Security cert
CPTE cert
GWAPT cert
ISO27001 cert
ISO20000 cert