Initial access
Validation of entry vectors such as targeted phishing, controlled payloads, abuse of exposed services, leaked credentials and other paths compatible with the defined scenario.
Multi-vector operation based on TTPs used by current threat actors. The goal isn't just to find vulnerabilities, but to validate whether the organization can detect, respond to and contain a realistic intrusion attempt.
A Red Team operation starts quietly, with passive reconnaissance, OSINT and mapping of people, technologies, processes and public exposures. From the defined scenario, we run controlled attack vectors such as phishing, exploitation of exposed assets, social engineering, physical access or supply chain simulations — always within the approved scope. The goal is to validate the full chain: initial access, persistence, lateral movement, privilege escalation and simulated exfiltration, while defensive controls are assessed under conditions close to a real attack.
Each executed technique is mapped against MITRE ATT&CK, allowing us to identify what triggered an alert, what passed unnoticed and where visibility gaps exist.
Controlled attempt to reach critical assets such as personal data, secrets, intellectual property, production environments or systems essential to the business.
Realistic phishing, vishing and smishing campaigns, plus physical interactions when included in scope, with a controlled approach and clear safety criteria.
Assessment of paths for persistence, credential abuse, privilege escalation and movement between segments, systems and identities.
Controlled demonstration that data could leave the environment, without exfiltrating real information, validating the effectiveness of controls such as DLP, SIEM, EDR and response processes.
Assessment of paths to elevate permissions from initial access, exploring misconfigurations, credential abuse, excessive permissions and trust relationships between systems, users and domains.
Controlled simulation of communication between the compromised environment and the operation's infrastructure, validating whether proxies, EDR, SIEM, firewall, DNS and other controls can identify or block suspicious channels.
We define which adversary profiles make sense for the organization's context, considering sector, exposure, critical assets, motivation and expected technical capability.
We run passive OSINT to map technologies, people, processes, public exposures, connected third parties and possible entry vectors.
We execute the vector approved in scope, such as phishing, abuse of external exposure, social engineering, physical access or supply chain simulation.
We assess persistence, privilege escalation and lateral movement, with every action logged, controlled and mapped against MITRE ATT&CK.
We try to reach the previously agreed target — a critical system, sensitive data, business process or strategic environment — always with controlled demonstration and no real exfiltration.
We run a joint session with the involved teams, presenting the operation timeline, executed techniques, observed detections and improvement recommendations.
You learn whether the SOC detects, responds and escalates events within the expected time, before that's validated by a real incident.
It becomes clear which techniques were detected, which slipped by, which triggered late alerts, and where the controls need to evolve.
The defensive team follows a realistic operation, understands adversary behavior and turns each stage into improvements in detection and response.
The operation is built on threats relevant to the business, avoiding generic simulations disconnected from the organization's reality.
Indicators like MTTD, MTTR, detection rate by technique and coverage by TTP help translate the operation into data useful for leadership and governance.
Instead of assuming the security stack works, the organization observes how its controls behave during a controlled intrusion.
No. Pentest offers broader technical coverage of vulnerabilities on defined assets. Red Team assesses the organization's ability to detect, respond to and contain a realistic attack chain. In mature environments, the two approaches complement each other.
Describe the environment, the main assets and what worries your team the most. We'll come back with a suggested scenario, scope, estimated timeline and proposal.