Red Team & Scenario-Based Engagements

Test your organisation against realistic multi-stage attacks and validate your ability to detect, respond, and recover.

From point-in-time tests to realistic adversary simulation

Traditional penetration tests are essential, but they often focus on specific systems or applications. Red team and scenario-based engagements take a broader view, simulating how a determined attacker would pursue specific objectives using a blend of technical attacks and social engineering.

Cyber Defence designs engagements that align with your threat model, risk appetite, and operational maturity, ensuring that tests are challenging but controlled.

Objectives

Examples of red team objectives

Each engagement starts with clear, agreed objectives. Examples include:

Obtain access to sensitive data

Demonstrate whether an attacker can reach specific data stores or regulated information.

Compromise a key business service

Test whether critical systems can be disrupted or controlled by an attacker.

Gain domain or cloud admin

Assess whether current controls prevent escalation to the highest privilege levels.

Move from external to internal

Simulate a full kill chain from Internet to internal compromise and data access.

Test incident detection and response

Evaluate whether your SOC or MSSP detects and responds to realistic attack activity.

Validate security programme outcomes

Assess whether investments in controls and processes have meaningfully reduced attack paths.

How a typical red team engagement runs

  1. Scoping, rules of engagement, and legalities

    Agreeing objectives, constraints, authorisations, and communication protocols to ensure safe and controlled testing.

  2. Reconnaissance and planning

    Gathering intelligence on your organisation, systems, and staff to identify potential attack avenues.

  3. Initial access and foothold

    Attempting to gain a foothold using agreed techniques, which may include phishing, external exploitation, or other methods.

  4. Lateral movement and objective pursuit

    Expanding access, maintaining persistence, and moving towards agreed objectives while tracking detection opportunities.

  5. Evidence capture and deconfliction

    Capturing detailed evidence of actions taken while avoiding harm to production systems.

  6. Reporting, debrief, and purple teaming

    Providing a thorough report and conducting joint sessions with defenders to walk through the activity and tune detections.

Purple teaming: turning findings into improvements

For many organisations, the most value comes not just from running a red team, but from using it to strengthen detection and response. We support purple team exercises where our offensive specialists work directly with your defenders and SOC365 team to tune detection rules, alerts, and playbooks based on real attack activity.

Design a red team engagement that fits your reality

We will help you define realistic objectives, boundaries, and success criteria, and run an engagement that provides maximum insight with controlled risk.