Cibersecurity
Red team
Our team of experts test the effectiveness of your company's critical production systems against the most sophisticated cyber-attacks. We offensively simulate the same tactics, techniques and procedures used by cybercriminals with the aim of evaluating your organisation's real protection, detection and response capabilities.
We offer you the services of our Red Team to perform simulated attacks with the techniques used by cybercriminals to not only detect vulnerabilities, but also exploit them to assess the real impact and scope of a possible attack.
We have an ethical hacking team specialised in this type of services that uses methodologies such as OSINT, Phishing, OSSTMM, OWASP or PTES with the aim of detecting, exploiting and analysing security weaknesses by impact and proposing solutions.
Types of Red Team services:
Black box: our team has no prior knowledge about the infrastructure that will be tested, so it is the type of Red Team most similar to a real attack. Since our team will only use public information, just like cybercriminals do. It allows for a more realistic assessment of your company's risk level.
White box: our team has knowledge of all essential company information, both logical network map and passwords.
Grey box: this is a mix of the two previous types, as our team has some information about the company. Our team simulates the position of different internal users with passwords to determine how far they can escalate and the damage they can do.
This type of service allows you to know the damage that can be done by an external or internal attacker. The result of this controlled attack helps to determine the degree of your company's IT security and to address the solutions that eliminate the security problems detected.
It is the most effective way to know the real state of your security and the capacity of your teams to respond to incidents. They reproduce access attempts by an intruder from different entry points (both internal and external), helping to demonstrate the degree of weakness of the system while analysing the consequences and risks of an illegal access.
