
Offensive Consulting Services
-
Penetration testing is a controlled, goal-based assessment that simulates external or internal attacker behavior to identify and exploit known vulnerabilities. The focus is on discovering technical weaknesses and misconfigurations in specific systems, networks, or applications, within the defined scope and time frame.
Penetration tests are typically scoped as relatively short assessment windows against your selected assets:
External Network Penetration Test - Identify vulnerabilities in public-facing infrastructure.
Internal Network Penetration Test - Assess risks posed by a compromised internal device, BYO device or a malicious insider.
Web Application or Web API Penetration Test - Find and exploit application-level vulnerabilities in your web application or web APIs.
Wireless Network Penetration Test - Assess the security of your corporate Wi-Fi networks.
Cloud Infrastructure Penetration Test - Identify cloud-specific misconfigurations and weaknesses.
-
Purple Teaming assesses the detection capabilities of your defensive team and products, and whether ongoing attacks can be identified at various stages of an attack chain.
Purple Team assessments are a collaborative security exercise that bridges offensive (red team) and defensive (blue team) efforts. The goal is to improve detection, response, and overall security posture by actively sharing Tactics, Techniques, and Procedures (TTPs) during live attack-defense scenarios. TTPs are mapped to a framework, such as MITRE ATT&CK, so that improvements in blue team capabilities can be demonstrated over time. It is common for purple team assessments to have scenarios to explore, such as "a malicious insider threat" or "a ransomware kill chain simulation", or more specific scenarios such as "C2 beacon communication channel detection" or "Active Directory attacks".
To make the most of a purple team assessment, an organisation should be at a maturity level where defensive solutions and processes are already in place. Industry-relevant threat intelligence also greatly helps with ensuring that simulated attacks are focused. The blue team should also be able to provide target assets or systems (or simulations of them), and to easily modify or create monitoring rules during the assessment as needed.
Borasec can help with your purple teaming and threat emulation, whether open source or closed source tools are required.
-
Red Teaming assesses the responsiveness of your defensive team and defensive solutions.
It is a covert, threat-informed simulation designed to emulate a realistic, persistent adversary. The goal is to assess an organization’s full detection and response capabilities (technical, procedural, and human) by bypassing conventional security controls through stealthy, multi-stage attacks. The red team's Tactics, Techniques, and Procedures (TTPs) used during the assessment are often mapped to a framework, such as MITRE ATT&CK, so that improvements in blue team responsiveness can be demonstrated over time. It is common for red team assessments to have clear goals to achieve, such as "extraction of financial information from database systems", "compromise and control of specific cloud-infrastructure assets and lateral spread to on-premises servers", or "business disruption via ransomware spread". Industry relevancy of threats is essential to choosing the right goals for the engagement (threat modelling).
Key members of an organisation (the "white team") are the only parties aware of the assessment, to ensure its integrity. This may also include third-party consultancies performing the red team assessment. Blue teams are not made aware of any activity, as their capabilities are under assessment.
Well-organised red team assessments are allocated enough time and team resources to prepare before initiating any attacks.
To make the most of a red team assessment, an organisation should be at a maturity level where defences are already tuned, and the red team should be well resourced to perform the sometimes lengthy assessment. It is generally expected that an organisation has undertaken a number of purple teaming-type assessments to tune defensive measures, prior to pursuing red team assessments.
Choosing the right security assessment
Choosing the most appropriate assessment and scenarios for your organisation and your assets ensures that the assessment is executed and delivered efficiently, and that its results are usable by your organisation.
Aspect | Penetration Testing | Purple Teaming | Red Teaming |
---|---|---|---|
Objective | Identify and exploit technical vulnerabilities | Improve detection and response through collaboration | Simulate real-world threat actors to test overall defense |
Approach | Direct and scoped, often checklist-based | Co-operative and iterative with defensive (blue) team | Covert, unannounced (to defensive (blue) team), threat-informed |
Team Involvement | Offensive team only | Both offensive (red) and defensive (blue) teams working together | Offensive (red) team simulating adversaries; defensive (blue) team unaware |
Scope | Predefined systems and attack types | Shared and evolving scope focused on defensive gaps | Broad and realistic, emulating APTs or specific threat actors |
Timeframe | Short-term (days to weeks) | Ongoing, or iterative engagements | Long-term (weeks to months) |
Outcome | Vulnerability report with exploit proof-of-concepts | Improved SOC rules, detection capabilities, and team collaboration | Full assessment of detection, response, and resilience vs goals |
Stealth Requirement | Low | Moderate to low (depending on goals) | High |
Tooling | Standard offensive tools and scripts | Custom tooling, detection tuning, and attack simulation frameworks | Advanced adversary emulations and tradecraft |