Red Teaming & Red Team Excercise | VerSprite Application Security

Red Teaming

Threat Inspired Exploitation Services

As a company focused on simulating realistic attack patterns, VerSprite doesn’t negate the physical possibilities of intrusion. Offering both traditional red teaming exercises and a new variant called Organizational Threat Modeling exercises, we took traditional red teaming and leveraged the PASTA threat modeling framework to deliver attack simulations against organizations who wish to know the resiliency of their company from all angles. Whether you have a targeted need that is best served by a traditional red team, or would like a cyberthreat exercise that simulates the likely threat motives and underlying attack patterns against employees, vendors, physical locations, self-managed logical networks, and Cloud based services. More detail around both services is presented below.

Red Teaming

OSINT? Check. Smishing? You got it. Spoofed domains w/ TLS certs? Like a boss. Human hacking via Impersonation? Hold our beer. If you’re looking to extend beyond robo phishing emails and non-imaginative red team engagements, come talk to us. We custom a menu of red teaming engagements based upon a realistic threat model for your industry, industry sub-segment, and business model. More importantly, we strategically align red teaming goals to both security awareness objectives as well as corporate security governance controls to provide the integrated approach that defines us. Learn how VerSprite’s Red Teaming exercises can align to both corporate governance reinforcement opportunities as well as measuring the real security awareness of company officials.

Speak to an Expert →

Organizational Threat Model

Organizational Threat Models – a service that simulates real world attacks based upon evidence supported threat motives – was created after VerSprite received client requests on how the PASTA application threat modeling approach could help simulate multi-faceted, threat based attacks against target organizations.

Each organizational threat model begins with an examination of threat motives. We examine high impact targets for a target organization and correlate to scenarios such as extortion, IP theft, sabotage, data exfiltration, persistence for malware propagation, and much more. A custom threat library per client is mapped to identified business impact scenarios for a target organization.

Once a model has been established, our team launches attack patterns that support threat objectives from modern day syndicates, corporate mercenaries, opportunistic hackers, insiders, and more. Ensuing attack simulations center around one or several threat scenarios, each focused on realizing high impact situations.

As a risk centric approach, organizational threat models can help depict where a security program for an organization is weakest. For this reason, organizational threat models help to define a very effective roadmap for a security program as it illustrates consequences if identified gaps are not remediated. Deliverables and results from these engagements message better to senior management officials since the context of threats, threat viability, and effectiveness of security mitigators are well reflected by the organizational threat model.