The Red Team (or red team) is a team specialising in simulating attacks to assess and strengthen the security of organisations. It adopts an offensive and proactive approach by putting itself in the shoes of cybercriminals. Its aim is to test the company's defences by exploiting potential flaws in systems, networks and applications in order to identify vulnerabilities, test resilience and improve defences.
The Red Team is often complemented by a Blue Team (or blue team), which represents the defenders or security forces. Together, they take part in exercises called Red Team/Blue Team exercises to improve coordination and preparedness in the face of real threats.
A Red Team is made up of offensive security experts, often called pentesters or ethical hackers, who use advanced techniques to reproduce realistic attack scenarios.
🎯 Main objectives
- Identify vulnerabilities or non-obvious weaknesses.
- Test the readiness and resilience of existing defences.
- Anticipate potential threat or attack scenarios.
- Suggest concrete improvements to close the loopholes.
Methods used
- Reconnaissance: passive (OSINT) or active.
- Simulated attacks: practical tests based on realistic scenarios.
- Intrusion tests: physical attacks (infiltration of premises, etc.) or computer attacks (pentests), identifying and exploiting vulnerabilities in information systems.
- Critical analysis: review of strategies, policies and plans to anticipate failure.
- Social engineering: phishing by e-mail, SMS or telephone; psychological manipulation of employees to obtain sensitive information.
The Red Team generally follows a multi-stage process:
- Reconnaissance: information gathering on the target, including OSINT (Open Source Intelligence).
- Scanning: use of advanced tools to discover open ports and vulnerabilities.
- Intrusion: attempt to penetrate systems by exploiting identified vulnerabilities.
- Propagation: extending access by compromising other internal systems.
- Elevation of privileges: obtaining higher levels of access to the compromised system.
- Maintaining access: attempt to remain undetected in the system, for example by setting up backdoors.
- Exfiltration and reporting: extraction of sensitive data and drafting of a detailed report with recommendations.
A concrete example: a Red Team could simulate a spear phishing attack by sending fraudulent emails to employees, then attempt to exploit the compromised systems to gain access to sensitive data.
Jargon and terminology
- Trophies: specific objectives defined for the Red Team, such as access to a critical server.
- C2 (Command and Control): infrastructure used by the Red Team to control compromised systems.
- TTPs (Tactics, Techniques, and Procedures): the set of methods used by the Red Team to simulate realistic attacks.
- MITRE ATT&CK: framework used to model attacker behaviour and guide Red Team operations.
In France, the Red Team concept has been adopted by the Ministry of the Armed Forces with the creation of the Red Team Defence in 2019. Made up of science fiction authors, scriptwriters and military experts, the team's mission is to imagine the future threats that could affect France between 2030 and 2060. It anticipates the technological, economic, societal and environmental risks likely to generate future conflicts.
In November 2024, Red Team Defence became RADAR (Rassembler, Anticiper, Dérisquer, Agir, Réagir), a wider initiative designed to strengthen the strategic anticipation capability of the Ministry of the Armed Forces. RADAR is capitalising on the experience gained by the Red Team to continue and expand its thinking on future threats.
📊 Statistics and figures
- A Ponemon Institute study found that organisations using Red Team exercises reduced the average cost of a data breach by $1.6 million.
- According to IBM's "Cost of a Data Breach" report, companies that set up Red Team and penetration testing teams saved an average of $2.8 million on the total cost of a data breach.