FAQs

What’s the difference between Penetration Testing and Red Teaming?

At it’s core Penetration Testing is meant to identify and exploit as many vulnerabilities as possible. Red Teaming is Adversarial Emulation. A Penetration test deliverable is a report identifying the systems and techniques that can be used as a roadmap to make your organization more secure. A Red Team is a real time engagement. The goal of a Red Team is to generate alerts and IOCs for your Security Team to get experience against a real Threat Actor. The deliverable of a Red Team engagement would include the attack paths, list of compromised machines, IOCs and TTPs leveraged to obtain the flag. A security team can then review the after action report and determine if they missed any IOCs and if there is additional logging or alerting that needs to be configured.

What’s the difference between in-person social engineering and Physical Penetration Testing?

Do you want to test security controls or your people? For in-person social engineering our Operators will create pretext, wear disguises and attempt to deceive your employees and gain access using our words and our backstory. On a physical Penetration test our Operators will more heavily leverage bypass tools and lock picking to gain access to your facility. Operators will use cloned badges to circumvent door controls and only engage with employees as a last resort. If you’re interested in both approaches we can scope it as a hybrid engagement.

Where do I start?

You wouldn’t step into the ring with a professional boxer without training would you? We recommend consulting our Cyber Maturity Roadmap to determine which of our services is right for you. If you’re security program is in it’s infancy we recommend starting with our Vulnerability Assessment and working through the Roadmap. One size doesn’t fit all and we’re happy to work with your organization to determine what course of action leaves you the most secure.

Can I bundle services?

We encourage our customers to bundle some form of Social Engineering with a Penetration Test. Due to the size and complexity of Assessments and Adversarial Emulation we recommend tackling those projects individually. We’re happy to help your team develop an internal roadmap you can use to set strategy and plan for budget.

What if we need a service you don’t have listed?

We offer bespoke assessments that don’t fit into conventional boxes, a discovery and scoping call will be necessary to determine if an engagement is within our teams wheel house. Integrity is our most important value and we make it a point to only take projects we can deliver our highest quality of service on. Our team has extensive experience in the Oil and Gas, Critical National Infrastructure, Banking, and Tech. We’ve been engaged to simulate everything from crashing an Oil Tanker to a full scale crypto heist for an online exchange.