Skip to content
    Wiki

    Red Team — Definition and Operational Scope

    What red teaming means in a security context — the methodology, the difference from pen testing, and what a red team engagement delivers.

    Mission Support Editorial Desk · 2026-07-06

    A red team exercise is a structured adversary simulation in which a team of specialists — the red team — attempts to achieve defined objectives against an organisation using the techniques, tools, and tradecraft of a real threat actor. Unlike a penetration test, a red team exercise tests the full organisation — technology, processes, and people — and measures detection and response capability as well as prevention.

    Definition

    Red teaming is a practice originating in military and intelligence contexts where an independent team is tasked with challenging an organisation's plans, defences, or assumptions by thinking and acting as the adversary. In cybersecurity and physical security, a red team exercise involves a specialist team attempting to achieve specific objectives — breach the network, access a specific facility, obtain specific data — using real adversary techniques over an extended engagement period.

    Red team vs penetration test

    The key distinctions: scope (penetration tests cover specific systems; red teams operate across all domains), objectives (pen tests enumerate vulnerabilities; red teams achieve specific goals), and what is tested (pen tests test defences; red teams test defences, detection, and response). A red team exercise answers: "Could a real adversary with this profile achieve this objective against us?" — a pen test answers: "What vulnerabilities exist in this system?"

    Red team components

    • Technical — network intrusion, application exploitation, lateral movement, persistence
    • Physical — facility access attempts, social engineering of staff, device implantation
    • Human (social engineering) — phishing, pretexting, impersonation
    • Intelligence — OSINT collection on the organisation and its personnel

    Purple teaming

    Purple teaming combines red team (attacker) and blue team (defender) in a collaborative exercise where the red team's techniques are shared with defenders in real time or shortly after execution. This improves detection capability faster than a traditional red team engagement where the blue team does not know what the red team is doing.

    Frequently Asked

    Primary action

    Request a Red Team Assessment

    Operational engagements start with a vetted conversation. Mission Support responds inside one working day for governmental and Tier-1 enquiries.

    Continue to service brief