Red Team — Definition and Operational Scope
What red teaming means in a security context — the methodology, the difference from pen testing, and what a red team engagement delivers.
A red team exercise is a structured adversary simulation in which a team of specialists — the red team — attempts to achieve defined objectives against an organisation using the techniques, tools, and tradecraft of a real threat actor. Unlike a penetration test, a red team exercise tests the full organisation — technology, processes, and people — and measures detection and response capability as well as prevention.
Definition
Red teaming is a practice originating in military and intelligence contexts where an independent team is tasked with challenging an organisation's plans, defences, or assumptions by thinking and acting as the adversary. In cybersecurity and physical security, a red team exercise involves a specialist team attempting to achieve specific objectives — breach the network, access a specific facility, obtain specific data — using real adversary techniques over an extended engagement period.
Red team vs penetration test
The key distinctions: scope (penetration tests cover specific systems; red teams operate across all domains), objectives (pen tests enumerate vulnerabilities; red teams achieve specific goals), and what is tested (pen tests test defences; red teams test defences, detection, and response). A red team exercise answers: "Could a real adversary with this profile achieve this objective against us?" — a pen test answers: "What vulnerabilities exist in this system?"
Red team components
- Technical — network intrusion, application exploitation, lateral movement, persistence
- Physical — facility access attempts, social engineering of staff, device implantation
- Human (social engineering) — phishing, pretexting, impersonation
- Intelligence — OSINT collection on the organisation and its personnel
Purple teaming
Purple teaming combines red team (attacker) and blue team (defender) in a collaborative exercise where the red team's techniques are shared with defenders in real time or shortly after execution. This improves detection capability faster than a traditional red team engagement where the blue team does not know what the red team is doing.
Frequently Asked
Request a Red Team Assessment
Operational engagements start with a vetted conversation. Mission Support responds inside one working day for governmental and Tier-1 enquiries.
Continue to service brief