Red Team Exercise

“There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.” Robert S. Mueller, Ex Director FBI.

Red Teaming is the only exercise that properly tests an organisations defences. This is a service where CSA use all means available to try and infiltrate a customer’s defences both physically and digitally.

Normally only a few members of the organisation that have commissioned the red team exercise are aware to provide maximum reality. Multiple sites over multiple locations can be covered, and the CSA team will play the role of a determined attacker using both physical and digital means of attack.

During red team exercises, CSA employ their full service suite of discovery and attack techniques, starting with a threat reconnaissance report to identify any obvious vulnerabilities that can be exploited. Exposed vulnerabilities could include but not limited to; compromised email addresses or passwords, released security patches that haven’t been applied and out of date software or hardware. Further probing using the latest attack tool-sets and a full vulnerability scan would be used to identify weaknesses for exploitation with a follow up penetration test.

Some organisations are better prepared to defend against an attack then others which will result in either a successful or failed remote attack. The second phase of a red team exercise includes physical breach attempts on the target organisation. CSA use multiple attack methods to probe physical defences using technology and tools as well as impersonating individuals to attempt entry.

Once CSA has completed the exercise all vulnerabilities and recommended remedial actions are detailed in a comprehensive report. It is good practice to conduct red team exercises annually to ensure that an organisation perimeter is protected and not easily breached. Contact us to discuss our discounted annual red team testing packages. 


CSA has a team of experienced and certified cyber professionals who carry out our assessments. CSA adheres to the OSSTMM penetration testing methodology and code of ethics. Most of the CSA advisors are former UK Government cyber operations specialists who bring extensive Governmental and Industry cyber experience and expertise. At least one member of the assigned testing team will hold the Certified Information Systems Security Professional (CISSP) certification, in addition to bespoke cyber technical certifications and qualifications such as OSCP (Offensive Security Certified Professional).