Offensive Security
Red Team
Test and exercise your cybersecurity program against real-world attacks. Praetorian Red Team will put your security capabilities through its paces, while leveraging weaknesses across people, process and technology across prevention, detection and response
Uncover Material Risk
All Praetorian Red Team engineers have demonstrated expertise across multiple industries as well as an intimate knowledge of enterprise technologies and modern environments, including cloud environments, DevOps stacks, and modern SaaS-focused deployments. Their unparalleled level of expertise allows them to discover vulnerabilities others would miss.
Offensive Approach
Praetorian Red Team leverages attacker tactics, techniques, and procedures (TTPs) to achieve a predetermined business impact objective. The exercise moves through each stage of an attack lifecycle, including reconnaissance, initial access, lateral movement and actions-on-objectives.
Red Team Attack Lifecycle
Attack Staging
Prepare the infrastructure and tooling required to orchestrate the attack.
Reconnaissance
Obtain information about the client’s people, process, and technology to identify attack surfaces and provide intelligence to attacks.
Initial Access
Identify and exploit attack vectors to gain initial access to the target environment
Persistence
Establish a persistent foothold within the target environment
Lateral Movement
Compromise additional assets and gain additional privileges in a strategic fashion that supports the attack mission
Privilege Escalation
Compromise additional assets and gain additional privileges in a strategic fashion that supports the attack mission
Actions on Objectives
Understand the standard operating procedures surrounding the attack objectives and perform necessary steps to achieve the goal
Collaborative Attack Objectives
We work with you to set attack objectives that align with specific business risks. The objectives guide the engagement, shaping the technical milestones we establish. Ultimately, we offer a focal point for demonstrating impact.
Sample Attack Objectives
Demonstrate direct financial loss through the transfer of monetary funds to a nominated bank account
Demonstrate access to VIP mailbox, data, or workstation
Demonstrate ability to exert control over an ICS device or environment [water plant, food processing, oil refinement]
Demonstrate control over a critical capability such as power supply to a geographic location
Perpetrate theft of customer data and personally identifiable information such as address, contact details and banking information
How Praetorian’s Red Team Will Work with You
Project Kickoff
Praetorian’s Practice Manager will set up a kickoff call with client stakeholders to introduce the team.
Rules of Engagement and Threat Model
We explicitly determine the scope of the exercise and collaboratively define the attack objective.
Red Team Excercise
Our engineers execute the end-to-end attack lifecycle. Communications occur between the predefined teams in a fluid fashion.
Reporting
Upon completion of the live exercise, Praetorian compiles the draft report.
Debrief
We hold a debriefing call between all participants and the client’s project stakeholders wherein we discuss an in-depth narrative of the exercise.
Why Choose Praetorian
Praetorian Red Team engagements subject client organizations to an end-to-end cyberattack that exercises their Prevention, Detection, & Response capabilities across their People, Processes, and Technology. Our security engineers provide the client’s security team with the opportunity to exercise their defensive playbooks under realistic conditions, without the negative impact of a real- world breach. We put clients’ security assumptions to the test, and provide factual information regarding the current security maturity posture of their organization.
Offensive Security Engineers
Our core team of former NSA operators, CIA officers, and security researchers has the ability to emulate nation states and advanced persistent threats.
Emergent Attack Intelligence
A dedicated research team delivers state of the art attack techniques, builds covert tools, and identifies 0 day exploits for our offensive security operators to deploy on engagements.
Innovative Enablement Platform
Chariot, our continuous threat exposure management solution underpins every engagement, so your team can partner with our experts on the things that matter.
Who Needs this Service
Boards of Directors
Seeking to ascertain the risk of a high profile attack and understand potential impacts to the business, its customers, and partners.
Security teams
Wanting to run their playbooks or justify new security initiatives, budget cycles, or recent security investment
Organizations
Needing to demonstrate resilience against cyber-attacks and/or demonstrate resolution of audit findings as part of previous engagements or regulatory requirements
Ready to Discuss Your Red Team Initiative?
Praetorian’s Offense Security Experts are Ready to Answer Your Questions