Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1018

Red Team

Reviewed by: Cybersecurity entrepreneur & security researcher

What is Red Team?

Red Team: An offensive security group that emulates real adversaries end-to-end to test how an organization detects, contains, and responds to attacks.


The Red Team concept originates from Cold War military exercises, where the "red" force played the adversary against the friendly "blue" force. In cybersecurity, a red team performs adversary emulation: it chooses objectives (e.g., obtain domain admin, exfiltrate crown-jewel data) and uses realistic tactics, techniques, and procedures (TTPs) to reach them while the blue team and SOC remain mostly unaware that an exercise is under way. Unlike a penetration test, which aims to enumerate as many vulnerabilities as possible in a defined scope, a red team engagement is goal-oriented and stealthy, and what it measures is detection and response: which actions were seen, how quickly, and what the defenders did about them. Engagements typically deliver a narrative report of the attack path, an ATT&CK heatmap of techniques used versus techniques detected, and recommendations that feed detection engineering, incident response, and security architecture.

Examples

  1. Achieving domain admin starting from a phishing email and chained AD misconfigurations.

  2. Demonstrating data exfiltration from a SaaS environment without triggering DLP.
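The definition above says a red team measures detection and response and reports the result as an ATT&CK heatmap, and the two examples sketch a phishing-to-domain-admin chain and an exfiltration that evades DLP. The following is an added example, not code from this glossary page or from any red-team tool, showing how an engagement's action log turns into those deliverables: a detection rate, a median time-to-detect, the list of techniques nobody saw, and a heatmap layer for ATT&CK Navigator. The log entries, technique IDs, timestamps and descriptions are constructed sample data, and the Navigator layer field names ("techniqueID", "score", "comment", "gradient") are reproduced from memory of that JSON format rather than from the page, so verify them against the Navigator version you import into.

```python
"""Added example, not code from the glossary page: turn a red-team action log
into detection metrics and an ATT&CK Navigator heatmap layer.

Assumptions (nothing below is stated on the page):
- every emulated action is logged with its ATT&CK technique ID, when it was
  executed, and when the blue team/SOC first raised an alert or ticket for it
  (None if it went unnoticed for the whole engagement);
- the output follows the ATT&CK Navigator layer JSON format as recalled by the
  author of this example; check field names against your Navigator version.
All technique IDs, timestamps and descriptions are constructed sample data.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Action:
    technique_id: str                # ATT&CK (sub)technique ID, e.g. "T1566.001"
    description: str                 # what the operator actually did
    executed_at: datetime
    detected_at: Optional[datetime]  # first blue-team alert/ticket, or None


# Constructed log: phishing -> AD misconfiguration chain -> domain admin -> exfil.
SAMPLE_LOG = [
    Action("T1566.001", "Spearphishing attachment sent to 3 finance users",
           datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 15, 30)),
    Action("T1059.001", "PowerShell stager executed on first beachhead host",
           datetime(2024, 3, 4, 9, 12), None),
    Action("T1558.003", "Kerberoasted service accounts with SPNs",
           datetime(2024, 3, 5, 10, 5), None),
    Action("T1078.002", "Logged on with cracked service-account password",
           datetime(2024, 3, 5, 14, 20), datetime(2024, 3, 6, 8, 0)),
    Action("T1003.006", "DCSync using replication rights on the domain",
           datetime(2024, 3, 6, 11, 0), datetime(2024, 3, 6, 11, 4)),
    Action("T1567.002", "Exfiltrated archive to an external cloud storage share",
           datetime(2024, 3, 7, 16, 0), None),
]


def detection_metrics(log: list[Action]) -> dict:
    """Detection rate, median time-to-detect (minutes) and the techniques nobody saw."""
    detected = [a for a in log if a.detected_at is not None]
    ttd = [(a.detected_at - a.executed_at).total_seconds() / 60 for a in detected]
    return {
        "actions": len(log),
        "detected": len(detected),
        "detection_rate": round(len(detected) / len(log), 2) if log else 0.0,
        "median_ttd_minutes": median(ttd) if ttd else None,
        "missed_techniques": sorted({a.technique_id for a in log if a.detected_at is None}),
    }


def navigator_layer(log: list[Action], name: str) -> dict:
    """Build a heatmap layer: score 100 (red) if any attempt of a technique was
    missed, 0 (green) if every attempt was detected. Worst outcome wins so the
    map highlights gaps rather than successes."""
    scores: dict[str, int] = {}
    notes: dict[str, list[str]] = {}
    for a in log:
        missed = a.detected_at is None
        scores[a.technique_id] = max(scores.get(a.technique_id, 0), 100 if missed else 0)
        notes.setdefault(a.technique_id, []).append(
            f"{a.description} [{'MISSED' if missed else 'detected'}]")
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Red-team emulation results: red = executed but not detected",
        "techniques": [
            {"techniqueID": tid, "score": scores[tid], "comment": "; ".join(notes[tid]),
             "enabled": True}
            for tid in sorted(scores)
        ],
        "gradient": {"colors": ["#8ec843", "#ff6666"], "minValue": 0, "maxValue": 100},
        "legendItems": [{"label": "detected", "color": "#8ec843"},
                        {"label": "missed", "color": "#ff6666"}],
    }


if __name__ == "__main__":
    print(json.dumps(detection_metrics(SAMPLE_LOG), indent=2))
    print(json.dumps(navigator_layer(SAMPLE_LOG, "Q1 red team"), indent=2))
```

On the sample log this reports 3 of 6 actions detected (rate 0.5), a median time-to-detect of 390 minutes, and three missed techniques (the PowerShell stager, Kerberoasting, and the cloud-storage exfiltration), which is exactly the list a detection-engineering backlog should be built from. The "worst outcome wins" scoring is deliberate: a technique detected once and missed twice is still a gap, and the heatmap should say so.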

Frequently asked questions

What is Red Team?

An offensive security group that emulates real adversaries end-to-end to test how an organization detects, contains, and responds to attacks. It belongs to the Defense & Operations category of cybersecurity.

What does Red Team mean?

An offensive security group that emulates real adversaries end-to-end to test how an organization detects, contains, and responds to attacks.

How do you defend against Red Team?

A red team is not something to defend against; it is hired or staffed to find out how well existing defences work. What it tests is the combination of technical controls (logging, endpoint and network detection, identity hardening, DLP) and operational practices (triage, escalation, containment) described in the full definition above, and the engagement report tells the blue team which of those held and which did not.
