Red Team & Adversary Simulation

Objective-led, intelligence-driven adversary simulation that tests the entire detection, response, and recovery capability of the organisation — not just its perimeter.

Red Team vs Penetration Test

A penetration test verifies that an in-scope asset is free of known vulnerability classes. A red team engagement asks a different question: given an adversary motivated to achieve a specific business-impacting objective, can they do so without being stopped? The deliverable is not a vulnerability list — it is a sober assessment of operational security capability under sustained, targeted pressure.

Engagement Profiles

  • Threat-Led Penetration Testing (TLPT) — DORA Article 26-aligned, TIBER-EU-compatible engagements for financial entities
  • CBEST / iCAST — equivalent frameworks for jurisdictions with prescriptive intelligence-led testing
  • Purple Team — collaborative, tooling-validation engagements with the in-house defensive team
  • Tabletop and Live Crisis Simulation — board, executive, and incident-response capability exercises
  • Physical and Social Engineering — premises access, badge cloning, phishing, vishing

Methodology — MITRE ATT&CK Aligned

Red team campaigns are planned and executed against the MITRE ATT&CK Enterprise Matrix, covering all 14 tactic categories from Initial Access through Impact. Operations are documented at the technique and sub-technique level to enable detection-engineering follow-through.

  1. Targeted threat intelligence — adversary selection, capability and motivation modelling, attribution to known TTPs
  2. Reconnaissance and resource development — OSINT, infrastructure provisioning, capability staging
  3. Operational execution — initial access, foothold, privilege escalation, lateral movement, objective achievement
  4. Detection-response replay — joint review with the defensive team to validate alert generation, triage, and response timing
  5. Findings & remediation — prioritised by detection-engineering value, not vulnerability count

Governance & Authorisation

Every red team engagement begins with a written Rules of Engagement document signed by an executive sponsor, defining authorised activities, prohibited assets, escalation contacts, and de-confliction procedures. Operations conform to the CREST Code of Conduct.
