Understanding Red Teams and Penetration Tests

Ingrid Kaffka
6 min readJun 18, 2021

Key Takeaways

  • Our Penetration Tests inform a comprehensive report that details the weaknesses Red Canari experts discover across an attack surface. Each Red Canari Penetration Test measures both zero-day and known weaknesses with our proprietary risk rating methodology. We deliver actionable recommendations on remediation and mitigation measures.
  • Our Red Team assessments measure the effectiveness of organizations’ people, processes, and technology against a simulated real-life threat event. Each Red Canari Red Team begins with a comprehensive research-based assessment that informs a validated threat profile and ends with a detailed report.


Red Canari provides its partners fully customized services that emulate the threats of potential cyber adversaries. Both Red Team assessments and Penetration Tests evaluate an organization’s readiness by assessing its security posture. Red Team and Penetration Test engagements are important components of a complete, holistic, and effective cybersecurity programme. Though both are vital, they are distinct services that provide important value. This blog helps you understand how each service is unique and can provide important outcomes for your organization.

The Red Canari Red Team Assessment

Our Red Team assessment uses the Tactics, Techniques, and Procedures (TTPs) to emulate a real-world threat in a fully simulated cyber assault against a target. The assessment measures the effectiveness of the people, processes, and technology that defend an organization’s environment. While Penetration Tests uncovers exploitable weaknesses on the attack surface, a Red Team assessment simulates what happens when a threat actor compromises a network or its systems. The exercise tests the ability of a cybersecurity programme to detect and respond to an incident in real-time. Only a Red Team assessment will give defenders the opportunity to react to a simulated real-world threat scenario in real-time, without the real-world consequences.

At Red Canari, we break down our Red Team engagements into four phases. During the initial Planning phase, we establish project governance, finalize the roles and responsibilities, agree to the Rules of Engagement, create a Risk Management plan, and finalize a validated threat profile unique to the organization. During the Execution phase, our Red Team performs in-depth reconnaissance by carefully planning and executing the infiltration stage of the attack. In the culmination phase, we sanitize and clean up the environment by disabling our system controls, and self-destructing or removing all exploits, toolkits, and persistence mechanisms. The final reporting phase includes an executive-level debrief; a detailed technical report which includes the identified risks and recommended safeguards or remediation activities; and a collaborative workshop between the leaders of the Red Team, Blue Team, and the Engagement Control Group to discuss the exercise in its entirety.

Red Canari’s Red Team assessments take an active, hands-on, methodical, and scenario-based approach. The detailed outcomes we provide our partners form the knowledge they need to effectively defend their environment from likely attackers. Red Team assessments are the only way for an organization to fully prepare its defences to detect and respond to an intelligent threat that has compromised its network or systems.

A Red Team assessment does not try to deliberately uncover all the flaws, weaknesses, or vulnerabilities on an attack surface; rather, only one weakness needs be to exploited to gain access to an environment and establish a foothold. Instead, Red Team assessments simulate the experience of a real-world attack for Blue Teams. These assessments measure for each organization just how much damage can be done with just one vulnerability. Thus, it is critical for an organization to be able to identify Indicators of Compromise (IOCs) to detect a threat actor that has breached an environment, cut off its lateral movement, and remove them from the network or systems before they accomplish their intended goals and objectives.

If an intelligent threat actor intends to breach your environment — they will find a way to do it eventually, regardless of how well the attack surface is protected. Our Red Team assessments measure the security posture and response capabilities of an organization and simulates the threats it faces to build confidence and muscle memory in its Blue Team. A Red Team assessment gives organizations critical knowledge to strengthen the people, processes, and technology that are in place to detect and respond to threats.

A Red Canari Penetration Test

In contrast to Red Team assessments, Penetration Tests discover zero-day and known vulnerabilities on an attack surface and exploit them. During these tests, our Penetration Testers identify and understand the vulnerabilities, weaknesses, and flaws; measure their level of risk; and offer actionable recommendations for remediation and mitigation.

At Red Canari, we break down our Penetration Test engagements into four phases. During the first phase, we gather intelligence about the target’s infrastructure and defences. In the second phase, we use a combination of automated and manual tools to scan for and identify potential vulnerabilities. In the third phase, we exploit the vulnerabilities identified during the Scanning phase to develop and breach the target’s perimeter defences. In the final phase, we establish a beachhead for future attacks by leveraging compromised assets and repeating the entire process. This enables Red Canari to provide organizations with the most thorough Penetration Test experience because our methodology guarantees the discovery of zero-day vulnerabilities.

Our Penetration Tests take a dynamic, manual, organizational, and exploration-based approach. We provide actionable intelligence on how specific vulnerabilities found on an attack surface can be exploited. Penetration Tests identify all the ways that a threat actor could exploit an organization across an attack surface. In the final report, Red Canari provides organizations with a detailed list of all the vulnerabilities we have identified, ranks and measures their risk based on outcome severity and probability of compromise, and delivers concise actionable solutions for remediation and mitigation.

Penetration Tests inform an organization’s strategic approach to improving its security posture by identifying vulnerabilities on the attack surface, measuring their compliance of its security policy, and testing the staff’s awareness of security issues to determine how the organization would be subject to security breaches.


Both a Red Team and a Penetration Test simulate real-world attacks from cyber adversaries. Red Canari Red Team assessments provide a simulated experience to measure an organization’s ability to detect and respond to an intelligent threat actor that has compromised an environment. These assessments are fully customized to the target organization and include the creation of a validated threat profile unique to them that informs their cybersecurity posture. Red Canari Penetration Tests provide an organization with a comprehensive list of flaws across its attack surface, measures risks, and provides recommendations on how to mitigate them. Each engagement is as unique and specialized as the organizations we perform them for. Whether your organization is looking for a Penetration Test or a Red Team assessment, we can provide a fully customized service that is tailored to your unique needs. Contact us today to learn more about how we can help strengthen your resilience.