0850 800 1483
While the red team and the blue team basically aim to improve the security policies of the institution, they follow two different ways of working. Both teams need to work together for the audit to be successful. While the red team reports the tests in which an aggressive attacker is simulated and the vulnerabilities found, the blue team monitors and reports the steps to be taken to eliminate vulnerabilities in the system.
Red team; While the blue team is expected to know what an SQL injection is, use network scanning tools, use scripting languages, and master the use of offensive tools to recognize router and firewall commands; expected to understand any phase of incident response, master his/her share of tools and languages, recognize suspicious traffic patterns, identify indicators of compromise, perform analysis and forensic testing across different operating systems. In short, the red team is the team that tries to infiltrate the system, and the blue team is the team that tries to protect the system against penetration tests.
The red team is involved in identifying the security vulnerabilities of company networks, applications and employees by simulating a comprehensive and multi-layered cyber attack and preventing these identified vulnerabilities. In order for the simulated attack to be effective, the red team organizes a variety of attacks, from social engineering to malware, providing critical benefits to the organization in preventing breaches and vulnerabilities in a real attack scenario. Red team methodology is Discovery - First Attack - Ensuring Permanence - Increasing Impact - Data Leakage - Reporting.
At this stage, as much information as possible about the target to be tested is collected. Any information the infiltrator can gather, such as employee names, phone numbers and email addresses, will be vital.
This is the stage where the infiltrator gains access (infiltrates) the system by using all the weaknesses and possible vulnerabilities he finds regarding the target.
This is the stage where real attackers gain permanence in the system by applying all known tactics and procedures. There are many ways to ensure persistence, such as placing malicious code in some files in the system, increasing privileges in the system and leaving a backdoor to an active service on the server.
This is the stage where the infiltrator identifies the network topology and increases his authority by using all known vulnerabilities in the system. Increasing authority also greatly increases the possibility of maintaining permanence in the system.
The person who leaked; This is the stage where the target tests security controls by leaking important information such as e-mail, contact data and documents.
This is the stage where all the evidence collected and all vulnerabilities found are explained in detail and how these vulnerabilities can be eliminated is reported.
Social Engineering (E-mail/Phone)
It is checked for any backdoors to gain some form of entry into the target. Penetration testing begins with phishing e-mails and social engineering style attacks. The goal here is to capture the username and password combinations that can be obtained in order to create the first serious crack in the defense zone.
Once the red team determines the first entry point to the organization, the next step is to determine which area of the network infrastructure can provide more profit, and this covers three main areas.
The biggest vulnerabilities in this area are unstructured or misconfigured server and network traffic.
In this area, weaknesses that can be exploited in the target system are identified. It is checked whether unauthorized entry to the institution can be made.
Web-based applications are checked for security vulnerabilities such as SQL injection attacks, cross-site scripting attacks, cross-site request forgery attacks.
Blue team; It takes part in evaluating network security and vulnerabilities and creating intervention strategies to strengthen the defense mechanism. The goal is structured in three stages.
This is the stage where vulnerabilities in the system are identified and reported.
How to eliminate the identified security vulnerabilities is evaluated.
The system is configured to eliminate vulnerabilities.
They often involve more people, resources, and time to fully understand realistic levels of risk and vulnerability to an organization's technology, people, and physical assets. RedTeam Pentesting is often used by organizations with more mature or advanced security postures. After penetration testing and detecting most vulnerabilities, physical testing attempts to access sensitive information and breach defenses. It has an expanding scope from mixing the garbage in front of the relevant institution building to physically entering the Data Center of the relevant institution in order to obtain data. With the RedTeam Penetration Test, you have the opportunity to examine the security of your organization in depth from every aspect.
RedTeam Penetration tests begin with exploration to gather as much information as possible about the goal of learning about people, technology and the environment in order to build and obtain the right tools for engagement. By using Open Source Intelligence Gathering, RedTeam teams can gain a deeper understanding of infrastructure, facilities, and employees to better understand the target and their operations. It also allows for weaponization such as creating payloads of special malicious files, crafting RFID cloners, configuring hardware trojans, or creating fake individuals and companies. As part of testing, RedTeam teams take actions that indicate any opportunity for exploitation at the target, such as face-to-face social engineering or hardware trojan. The next step is to bypass physical checks to exploit these vulnerabilities and compromise servers, applications and networks or prepare for escalation. During the setup phase, Red teams take advantage of the exploit step to create a safe haven. Presumably, they try to gain command and control with all this operation, either by compromised servers or malicious file upload, or by using physical key representations and locking selected doors. When remote access to exploited systems is stable and reliable, the stage is set for targeted actual actions such as consuming critically sensitive data, information or physical assets.
Copying ID Cards of your employees using the Blackbox method, the availability of your institution's leaked information not only on the Internet, but also on the Deep and Dark Web, the general profile and vectors of phishing attacks on your employees' general profile and interests, the attention and awareness of the security personnel at the entrance of the institution, Our team, which has experience and knowledge on many issues such as the awareness of your institution employees about information security, the effects of malicious hardware to be coded on your systems, and so on; It will guide you with real-life scenarios to determine not only how secure and stable your information systems are, but how secure your organization is in every aspect.