SEKurity GmbH

RED TEAM OPERATIONS

Not a scan. An operation with a clear goal.

Our red team engagements typically run six to twelve weeks and do not end with a list of open ports. They end with an answer to a question your board has asked: can somebody compromise our most important asset without us noticing?

01 · OBJECTIVES

Objective-driven, not checklist-driven.

Together with you we define hard, verifiable goals: domain takeover, exfiltration of a defined dataset, access to an OT segment, compromise of a privileged administration workstation. Every objective has a binary criterion — reached or not. Secondary objectives emerge organically from the operation.

02 · KILL CHAIN

Seven phases, one operator log.

  1. PHASE · 01

    Reconnaissance

    External mapping of your attack surface, employee profiles, technology indicators, and supply chain. The foundation for tailored entry vectors.

  2. PHASE · 02

    Initial Access

    Spear phishing, exposed services, physical vectors, voice-based social engineering. Proven TTPs first, custom tooling where needed.

  3. PHASE · 03

    Foothold & C2

    Establishing a stable command-and-control channel with realistic beaconing patterns. EDR-awareness and OPSEC discipline are baseline.

  4. PHASE · 04

    Privilege Escalation

    Local and domain escalation. Kerberos abuse, delegation paths, ADCS misconfigurations, tier-0 compromise.

  5. PHASE · 05

    Lateral Movement

    Movement along identified trust relationships while deliberately avoiding obvious indicators. No mass mimikatz, no noise.

  6. PHASE · 06

    Objective Execution

    Reaching the agreed objective. For data exfiltration we use pre-seeded canary records, never real customer data.

  7. PHASE · 07

    Purple Team Closeout

    Joint replay session with your blue team. Every TTP is replayed and documented, whether it was detected or not. The operation becomes measurable improvement.
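Phase 06 mentions pre-seeded canary records in place of real customer data. The following is an added example of how such a dataset can be built and later recognised; it is not SEKurity's tooling. Rows are synthetic but shaped like customer data, and each carries an HMAC-SHA256 tag under a per-engagement key, so a row that later turns up on a C2 host, in a DLP alert or in a paste can be attributed to the operation and to nothing else. The field names, the key and the seed are assumptions.

```python
"""Added example (not SEKurity's tooling): a canary dataset for an exfiltration objective.
Field names, key and seed are assumptions; nothing here comes from a real customer."""
import csv
import hashlib
import hmac
import io
import random

FIELDS = ["customer_id", "name", "email", "iban"]
TAG_LEN = 16  # hex chars kept from the HMAC; enough to rule out chance matches


def _tag(key: bytes, row: dict) -> str:
    """MAC over the visible fields, so editing any field invalidates the tag."""
    msg = "|".join(row[f] for f in FIELDS).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def make_canary_records(key: bytes, count: int, seed: int = 0) -> list:
    """Deterministic for a given seed, so the seeded set can be regenerated at closeout
    from the operator log instead of being stored next to the key."""
    rng = random.Random(seed)
    rows = []
    for i in range(count):
        first = rng.choice(["Anna", "Jonas", "Mara", "Felix", "Lea"])
        last = rng.choice(["Berger", "Keller", "Vogt", "Huber", "Schmid"])
        row = {
            "customer_id": f"C{900000 + i:07d}",
            "name": f"{first} {last}",
            "email": f"{first}.{last}@example.com".lower(),  # reserved example domain
            # 22-character German-style IBAN of random digits; deliberately no valid check digits
            "iban": "DE" + "".join(str(rng.randrange(10)) for _ in range(20)),
        }
        row["tag"] = _tag(key, row)
        rows.append(row)
    return rows


def is_canary(key: bytes, row: dict) -> bool:
    """True only if the tag was produced under this engagement key and no field was altered."""
    if any(f not in row for f in FIELDS + ["tag"]):
        return False
    return hmac.compare_digest(row["tag"], _tag(key, row))


def to_csv(rows: list) -> str:
    """Serialise the seeded set the way it would sit on a file share."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS + ["tag"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def count_canaries(key: bytes, csv_text: str) -> int:
    """Closeout check: how many rows of a captured or leaked file belong to this engagement."""
    return sum(is_canary(key, row) for row in csv.DictReader(io.StringIO(csv_text)))


if __name__ == "__main__":
    key = b"engagement-2024-03-assumed-secret"  # assumed per-engagement secret
    print(to_csv(make_canary_records(key, 3)))
```

The tag is keyed rather than a plain hash so that a third party who finds the file cannot forge rows that pass `is_canary`, and `compare_digest` keeps the check constant-time. Seeding the generator means the key is the only secret the team has to protect between seeding and closeout.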

03 · METRICS

Numbers your board will actually read.

KPI · 01

Mean Time to Detect

Measured per kill-chain phase. You see exactly where your visibility collapses.

KPI · 02

Detection Coverage

Share of the TTPs executed during the operation that your controls detected, mapped to MITRE ATT&CK and weighted by kill-chain phase and criticality.

KPI · 03

Time to Objective

Duration from initial access to objective. Benchmarkable against prior engagements.
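The three KPIs above are all derived from the same two inputs: the operator log and the SOC's alert log as mapped to techniques during the closeout. The following added example (not SEKurity's tooling) computes them over two constructed logs. The log layout, the 72-hour crediting window, the phase weights and the 1-3 criticality scale are assumptions; no real engagement data is used.

```python
"""Added example (not SEKurity's tooling): computing MTTD per phase, weighted detection
coverage and time to objective from an operator log and a SOC alert log.
Log layout, phase weights, window and criticality scale are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, Optional


@dataclass(frozen=True)
class OperatorEvent:
    ts: datetime
    phase: int        # kill-chain phase 1-6; phase 7 (closeout) is not an operational step
    technique: str    # MITRE ATT&CK technique ID of the action
    criticality: int  # assumed 1-3 scale, 3 = tier-0 or objective-relevant


@dataclass(frozen=True)
class DetectionEvent:
    ts: datetime
    technique: str    # technique ID the SOC alert was mapped to in the purple-team replay


# Assumed weights: an action that goes unseen late in the chain costs more than early recon.
PHASE_WEIGHT = {1: 1, 2: 2, 3: 2, 4: 3, 5: 3, 6: 4}
MATCH_WINDOW = timedelta(hours=72)  # an alert later than this is not credited as a detection


def T(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed operator log (illustration only).
OPERATOR_LOG = [
    OperatorEvent(T("2024-03-04T09:00"), 2, "T1566.001", 2),  # phishing attachment delivered
    OperatorEvent(T("2024-03-04T09:25"), 3, "T1071.001", 2),  # HTTPS beacon established
    OperatorEvent(T("2024-03-05T14:00"), 4, "T1558.003", 3),  # Kerberoasting
    OperatorEvent(T("2024-03-06T10:00"), 4, "T1649",     3),  # ADCS certificate abuse
    OperatorEvent(T("2024-03-07T11:00"), 5, "T1021.002", 2),  # SMB admin share to file server
    OperatorEvent(T("2024-03-08T16:00"), 6, "T1048.003", 3),  # canary dataset exfiltrated
]

# Constructed SOC alert log; the beacon (T1071.001) and the ADCS abuse (T1649) never fired.
DETECTION_LOG = [
    DetectionEvent(T("2024-03-04T11:00"), "T1566.001"),  # 120 min after delivery
    DetectionEvent(T("2024-03-05T18:00"), "T1558.003"),  # 240 min after the roast
    DetectionEvent(T("2024-03-07T11:30"), "T1021.002"),  # 30 min after the share access
    DetectionEvent(T("2024-03-08T17:00"), "T1048.003"),  # 60 min after exfil
]


def match_detections(ops, dets, window=MATCH_WINDOW) -> Dict[OperatorEvent, Optional[timedelta]]:
    """Pair each operator action with the earliest not-yet-credited alert for the same
    technique that fired after it and inside the window. None means undetected."""
    unused = sorted(dets, key=lambda d: d.ts)
    delays = {}
    for op in sorted(ops, key=lambda o: o.ts):
        hit = next((d for d in unused
                    if d.technique == op.technique and op.ts <= d.ts <= op.ts + window), None)
        if hit is not None:
            unused.remove(hit)
        delays[op] = hit.ts - op.ts if hit is not None else None
    return delays


def mttd_per_phase(ops, dets) -> Dict[int, tuple]:
    """KPI 01: (mean minutes to detect, detected count, total count) per phase.
    A phase whose mean is None produced no alert at all: that is where visibility collapsed."""
    delays = match_detections(ops, dets)
    result = {}
    for phase in sorted({o.phase for o in ops}):
        in_phase = [delays[o] for o in ops if o.phase == phase]
        seen = [d.total_seconds() / 60 for d in in_phase if d is not None]
        result[phase] = (mean(seen) if seen else None, len(seen), len(in_phase))
    return result


def detection_coverage(ops, dets) -> float:
    """KPI 02: fraction of executed TTPs that produced an alert, each TTP weighted by
    phase weight times criticality, so a missed tier-0 step drags the score down harder."""
    delays = match_detections(ops, dets)

    def weight(o: OperatorEvent) -> int:
        return PHASE_WEIGHT[o.phase] * o.criticality

    total = sum(weight(o) for o in ops)
    seen = sum(weight(o) for o in ops if delays[o] is not None)
    return seen / total if total else 0.0


def time_to_objective(ops) -> timedelta:
    """KPI 03: wall-clock time from the first initial-access action to the first objective action."""
    access = min(o.ts for o in ops if o.phase == 2)
    objective = min(o.ts for o in ops if o.phase == 6)
    return objective - access


if __name__ == "__main__":
    for phase, (minutes, seen, total) in mttd_per_phase(OPERATOR_LOG, DETECTION_LOG).items():
        print(f"phase {phase}: MTTD {minutes} min, {seen}/{total} detected")
    print(f"weighted coverage: {detection_coverage(OPERATOR_LOG, DETECTION_LOG):.2f}")
    print(f"time to objective: {time_to_objective(OPERATOR_LOG)}")
```

On these logs four of six TTPs were seen, so unweighted coverage would read 0.67; the weighted figure is 0.70 because the two misses (the beacon and the ADCS abuse) carry different weights, and the per-phase table shows the C2 phase with no detection at all, which is the number the detection-engineering backlog should start from.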

MEASURE MATURITY

An operation your SOC will not forget.

We calibrate scope and TTP sophistication to your current maturity. Every engagement ends with a detection-engineering backlog your team can work on immediately.